Sid 1-51460

Message

SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt

Summary

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Impact

CVSS base score 7.1 CVSS impact score 6.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2014-3513:

CVSS base score 7.1

CVSS impact score 6.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Detailed information

CVE-2014-3513: Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Affected systems

• openssl openssl 1.0.1
• openssl openssl 1.0.1a
• openssl openssl 1.0.1b
• openssl openssl 1.0.1c
• openssl openssl 1.0.1d
• openssl openssl 1.0.1e
• openssl openssl 1.0.1f
• openssl openssl 1.0.1g
• openssl openssl 1.0.1h
• openssl openssl 1.0.1i

Ease of attack

CVE-2014-3513:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Contributors

• Talos research team.
• This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
• For more information see nvd.

Additional References

• www.openssl.org/news/secadv_20141015.txt