What is CVE-2014-3506?

CVE-2014-3506 is a vulnerability in Openssl, classified under CWE-399. Published 2014-08-13.

Is CVE-2014-3506 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2014-3506

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger m…

EPSS: 0.517 (98.0th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 0.9.8, 0.9.8a, 0.9.8b
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

RHSA-2014:1297 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2014:1052 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
60221 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
60778 (x_refsource_SECUNIA, third-party-advisory)
61184 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
SSRT101846 (x_refsource_HP, vendor-advisory)

Frequently asked questions

What is CVE-2014-3506?: CVE-2014-3506 is a vulnerability in Openssl, classified under CWE-399. Published 2014-08-13.
Is CVE-2014-3506 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.