What is CVE-2014-3512?

CVE-2014-3512 is a vulnerability in Openssl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-08-13.

Is CVE-2014-3512 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Openssl

CVE-2014-3512

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP…

Vulnerability class: Buffer Overflow

EPSS: 0.741 (99.4th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 1.0.0, 1.0.0a, 1.0.0b
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

openSUSE-SU-2014:1052 (vendor-advisory, x_refsource_SUSE)
60221 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
61184 (x_refsource_SECUNIA, third-party-advisory)
SSRT101846 (x_refsource_HP, vendor-advisory)
60022 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
61017 (x_refsource_SECUNIA, third-party-advisory)
openssl-cve20143512-dos(95158) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2014-3512?: CVE-2014-3512 is a vulnerability in Openssl, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-08-13.
Is CVE-2014-3512 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.