NULL pointer dereference in Mariadb
CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointe…
EPSS: 0.914 (99.7th percentile) — read the EPSS interpretation.
Affected products
- Mariadb
- Openssl
- Fedoraproject Fedora — versions 19, 20
- Opensuse Leap — versions 42.1
- Opensuse — versions 13.2
- Redhat Enterprise_linux — versions 5, 6.0
- Redhat Storage — versions 2.1
- Suse Linux_enterprise_desktop — versions 12
- Suse Linux_enterprise_server — versions 12
- Suse Linux_enterprise_software_development_kit — versions 12
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 59342 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- 59669 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- 59525 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 59282 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 59990 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- 59264 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- 59126 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2014-3470?
- CVE-2014-3470 is a vulnerability in Mariadb, classified under NULL Pointer Dereference. Published 2014-06-05.
- Is CVE-2014-3470 known to be exploited?
- 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.