CVE-2014-3567 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	𝑥 ≤ 0.9.8zb
openssl	openssl	1.0.0
openssl	openssl	1.0.0:beta1
openssl	openssl	1.0.0:beta2
openssl	openssl	1.0.0:beta3
openssl	openssl	1.0.0:beta4
openssl	openssl	1.0.0:beta5
openssl	openssl	1.0.0a:a
openssl	openssl	1.0.0b:b
openssl	openssl	1.0.0c:c
openssl	openssl	1.0.0d:d
openssl	openssl	1.0.0e:e
openssl	openssl	1.0.0f:f
openssl	openssl	1.0.0g:g
openssl	openssl	1.0.0h:h
openssl	openssl	1.0.0i:i
openssl	openssl	1.0.0j:j
openssl	openssl	1.0.0k:k
openssl	openssl	1.0.0l:l
openssl	openssl	1.0.0m:m
openssl	openssl	1.0.0n:n
openssl	openssl	1.0.1
openssl	openssl	1.0.1:beta1
openssl	openssl	1.0.1:beta2
openssl	openssl	1.0.1:beta3
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

artful	Fixed 1.0.1f-1ubuntu9 released
bionic	Fixed 1.0.1f-1ubuntu9 released
cosmic	Fixed 1.0.1f-1ubuntu9 released
disco	Fixed 1.0.1f-1ubuntu9 released
lucid	Fixed 0.9.8k-7ubuntu8.22 released
precise	Fixed 1.0.1-4ubuntu5.20 released
trusty	Fixed 1.0.1f-1ubuntu2.7 released
utopic	Fixed 1.0.1f-1ubuntu9 released
vivid	Fixed 1.0.1f-1ubuntu9 released
wily	Fixed 1.0.1f-1ubuntu9 released
xenial	Fixed 1.0.1f-1ubuntu9 released
yakkety	Fixed 1.0.1f-1ubuntu9 released
zesty	Fixed 1.0.1f-1ubuntu9 released

openssl098

artful	dne
bionic	dne
cosmic	dne
disco	dne
lucid	dne
precise	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	dne
xenial	dne
yakkety	dne
zesty	dne

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-devel

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

libopenssl-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

openssl

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

openssl

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-devel

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-libs

RHEL 7

1:1.0.1e-34.el7_0.6

fixed

openssl-perl

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

openssl-static

RHEL 6	0:1.0.1e-30.el6_6.2 fixed
RHEL 7	1:1.0.1e-34.el7_0.6 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

http://advisories.mageia.org/MGASA-2014-0416.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=141477196830952&w=2

http://marc.info/?l=bugtraq&m=142103967620673&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://marc.info/?l=bugtraq&m=142804214608580&w=2

http://marc.info/?l=bugtraq&m=142834685803386&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://marc.info/?l=bugtraq&m=143290583027876&w=2

http://rhn.redhat.com/errata/RHSA-2014-1652.html

http://rhn.redhat.com/errata/RHSA-2014-1692.html

http://rhn.redhat.com/errata/RHSA-2015-0126.html

http://secunia.com/advisories/59627

http://secunia.com/advisories/61058

http://secunia.com/advisories/61073

http://secunia.com/advisories/61130

http://secunia.com/advisories/61207

http://secunia.com/advisories/61298

http://secunia.com/advisories/61819

http://secunia.com/advisories/61837

http://secunia.com/advisories/61959

http://secunia.com/advisories/61990

http://secunia.com/advisories/62030

http://secunia.com/advisories/62070

http://secunia.com/advisories/62124

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://support.apple.com/HT204244

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

http://www.debian.org/security/2014/dsa-3053

http://www.mandriva.com/security/advisories?name=MDVSA-2014:203

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/70586

http://www.securitytracker.com/id/1031052

http://www.splunk.com/view/SP-CAAANST

http://www.ubuntu.com/usn/USN-2385-1

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.citrix.com/article/CTX216642

https://www.openssl.org/news/secadv_20141015.txt

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

http://advisories.mageia.org/MGASA-2014-0416.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=141477196830952&w=2

http://marc.info/?l=bugtraq&m=142103967620673&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142495837901899&w=2

http://marc.info/?l=bugtraq&m=142624590206005&w=2

http://marc.info/?l=bugtraq&m=142791032306609&w=2

http://marc.info/?l=bugtraq&m=142804214608580&w=2

http://marc.info/?l=bugtraq&m=142834685803386&w=2

http://marc.info/?l=bugtraq&m=143290437727362&w=2

http://marc.info/?l=bugtraq&m=143290522027658&w=2

http://marc.info/?l=bugtraq&m=143290583027876&w=2

http://rhn.redhat.com/errata/RHSA-2014-1652.html

http://rhn.redhat.com/errata/RHSA-2014-1692.html

http://rhn.redhat.com/errata/RHSA-2015-0126.html

http://secunia.com/advisories/59627

http://secunia.com/advisories/61058

http://secunia.com/advisories/61073

http://secunia.com/advisories/61130

http://secunia.com/advisories/61207

http://secunia.com/advisories/61298

http://secunia.com/advisories/61819

http://secunia.com/advisories/61837

http://secunia.com/advisories/61959

http://secunia.com/advisories/61990

http://secunia.com/advisories/62030

http://secunia.com/advisories/62070

http://secunia.com/advisories/62124

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://support.apple.com/HT204244

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

http://www.debian.org/security/2014/dsa-3053

http://www.mandriva.com/security/advisories?name=MDVSA-2014:203

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/70586

http://www.securitytracker.com/id/1031052

http://www.splunk.com/view/SP-CAAANST

http://www.ubuntu.com/usn/USN-2385-1

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.citrix.com/article/CTX216642

https://www.openssl.org/news/secadv_20141015.txt