CVE-2014-3571 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	𝑥 ≤ 0.9.8zc
openssl	openssl	1.0.0a:a
openssl	openssl	1.0.0b:b
openssl	openssl	1.0.0c:c
openssl	openssl	1.0.0d:d
openssl	openssl	1.0.0e:e
openssl	openssl	1.0.0f:f
openssl	openssl	1.0.0g:g
openssl	openssl	1.0.0h:h
openssl	openssl	1.0.0i:i
openssl	openssl	1.0.0j:j
openssl	openssl	1.0.0k:k
openssl	openssl	1.0.0l:l
openssl	openssl	1.0.0m:m
openssl	openssl	1.0.0n:n
openssl	openssl	1.0.0o:o
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

artful	Fixed 1.0.1f-1ubuntu10 released
bionic	Fixed 1.0.1f-1ubuntu10 released
cosmic	Fixed 1.0.1f-1ubuntu10 released
disco	Fixed 1.0.1f-1ubuntu10 released
lucid	Fixed 0.9.8k-7ubuntu8.23 released
precise	Fixed 1.0.1-4ubuntu5.21 released
trusty	Fixed 1.0.1f-1ubuntu2.8 released
utopic	Fixed 1.0.1f-1ubuntu9.1 released
vivid	Fixed 1.0.1f-1ubuntu10 released
wily	Fixed 1.0.1f-1ubuntu10 released
xenial	Fixed 1.0.1f-1ubuntu10 released
yakkety	Fixed 1.0.1f-1ubuntu10 released
zesty	Fixed 1.0.1f-1ubuntu10 released

openssl098

artful	dne
bionic	dne
cosmic	dne
disco	dne
lucid	dne
precise	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	dne
xenial	dne
yakkety	dne
zesty	dne

openSUSE / SLES Releases

openSUSE Product

Release

libopenssl-devel

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

libopenssl-fips-provider

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

openssl

suse enterprise desktop 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise desktop 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise sap 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise sap 15 SP7	3.2.3-150700.1.1 fixed
suse enterprise server 15 SP6	3.1.4-150600.2.1 fixed
suse enterprise server 15 SP7	3.2.3-150700.1.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

openssl

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-devel

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-libs

RHEL 7

1:1.0.1e-34.el7_0.7

fixed

openssl-perl

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

openssl-static

RHEL 6	0:1.0.1e-30.el6_6.5 fixed
RHEL 7	1:1.0.1e-34.el7_0.7 fixed

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=142496179803395&w=2

http://marc.info/?l=bugtraq&m=142496289803847&w=2

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://marc.info/?l=bugtraq&m=142895206924048&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050205101530&w=2

http://marc.info/?l=bugtraq&m=144050254401665&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0066.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

http://www.debian.org/security/2015/dsa-3125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/71937

http://www.securitytracker.com/id/1033378

https://bto.bluecoat.com/security-advisory/sa88

https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b

https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

https://support.apple.com/HT204659

https://www.openssl.org/news/secadv_20150108.txt

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=142496179803395&w=2

http://marc.info/?l=bugtraq&m=142496289803847&w=2

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://marc.info/?l=bugtraq&m=142895206924048&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://marc.info/?l=bugtraq&m=144050205101530&w=2

http://marc.info/?l=bugtraq&m=144050254401665&w=2

http://marc.info/?l=bugtraq&m=144050297101809&w=2

http://rhn.redhat.com/errata/RHSA-2015-0066.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

http://www.debian.org/security/2015/dsa-3125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:019

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/71937

http://www.securitytracker.com/id/1033378

https://bto.bluecoat.com/security-advisory/sa88

https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b

https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

https://support.apple.com/HT204659

https://www.openssl.org/news/secadv_20150108.txt