Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2899

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-2899
Last Modified 23 Apr 2014 08:34:57
Published 22 Apr 2014 10:23:36
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2899

Summary

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.

Vulnerable Systems

Application

  • Cyassl 0.2.0

  • Cyassl 0.3.0

  • Cyassl 0.4.0

  • Cyassl 0.5.0

  • Cyassl 0.5.5

  • Cyassl 0.6.0

  • Cyassl 0.6.2

  • Cyassl 0.6.3

  • Cyassl 0.8.0

  • Cyassl 0.9.0

  • Cyassl 0.9.6

  • Cyassl 0.9.8

  • Cyassl 0.9.9

  • Cyassl 1.0.0

  • Cyassl 1.0.2

  • Cyassl 1.0.3

  • Cyassl 1.0.6

  • Cyassl 1.1.0

  • Cyassl 1.2.0

  • Cyassl 1.3.0

  • Cyassl 1.4.0

  • Cyassl 1.5.0

  • Cyassl 1.5.4

  • Cyassl 1.5.6

  • Cyassl 1.6.0

  • Cyassl 1.6.5

  • Cyassl 1.8.0

  • Cyassl 1.9.0

  • Cyassl 2.0.0

  • Cyassl 2.0.2

  • Cyassl 2.0.6

  • Cyassl 2.0.8

  • Cyassl 2.2.0

  • Cyassl 2.3.0

  • Cyassl 2.4.0

  • Cyassl 2.4.6

  • Cyassl 2.5.0

  • Cyassl 2.6.0

  • Cyassl 2.7.0

  • Cyassl 2.8.0

  • Cyassl 2.9.0


References

CONFIRM - http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html

CONFIRM - http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

SECUNIA - 57743

MLIST - [oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?

MLIST - [oss-security] 20140417 CVE ids for CyaSSL 2.9.4?


Last Updated: 27 May 2016 11:05:04