CVE-2014-3513 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	1.0.1
openssl	openssl	1.0.1:beta1
openssl	openssl	1.0.1:beta2
openssl	openssl	1.0.1:beta3
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
squeeze	not-affected
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

lucid	not-affected
precise	Fixed 1.0.1-4ubuntu5.20 released
trusty	Fixed 1.0.1f-1ubuntu2.7 released

openssl098

lucid	dne
precise	not-affected
trusty	dne

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-devel

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

libopenssl-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

openssl

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

openssl

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-devel

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-libs

RHEL 7

1:1.0.1e-34.el7_0.6

fixed

openssl-perl

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-static

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

http://advisories.mageia.org/MGASA-2014-0416.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://marc.info/?l=bugtraq&m=142804214608580&w=2

http://marc.info/?l=bugtraq&m=142834685803386&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://marc.info/?l=bugtraq&m=143290583027876&w=2

http://rhn.redhat.com/errata/RHSA-2014-1652.html

http://rhn.redhat.com/errata/RHSA-2014-1692.html

http://secunia.com/advisories/59627

http://secunia.com/advisories/61058

http://secunia.com/advisories/61073

http://secunia.com/advisories/61207

http://secunia.com/advisories/61298

http://secunia.com/advisories/61439

http://secunia.com/advisories/61837

http://secunia.com/advisories/61959

http://secunia.com/advisories/61990

http://secunia.com/advisories/62070

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

http://www.debian.org/security/2014/dsa-3053

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.securityfocus.com/bid/70584

http://www.securitytracker.com/id/1031052

http://www.ubuntu.com/usn/USN-2385-1

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html

https://www.openssl.org/news/secadv_20141015.txt

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

http://advisories.mageia.org/MGASA-2014-0416.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://marc.info/?l=bugtraq&m=142804214608580&w=2

http://marc.info/?l=bugtraq&m=142834685803386&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://marc.info/?l=bugtraq&m=143290583027876&w=2

http://rhn.redhat.com/errata/RHSA-2014-1652.html

http://rhn.redhat.com/errata/RHSA-2014-1692.html

http://secunia.com/advisories/59627

http://secunia.com/advisories/61058

http://secunia.com/advisories/61073

http://secunia.com/advisories/61207

http://secunia.com/advisories/61298

http://secunia.com/advisories/61439

http://secunia.com/advisories/61837

http://secunia.com/advisories/61959

http://secunia.com/advisories/61990

http://secunia.com/advisories/62070

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

http://www.debian.org/security/2014/dsa-3053

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.securityfocus.com/bid/70584

http://www.securitytracker.com/id/1031052

http://www.ubuntu.com/usn/USN-2385-1

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html

https://www.openssl.org/news/secadv_20141015.txt