CVE-2014-3508

Published: Aug 13, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2014:1297

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2014:1052

vendor-advisory

x_refsource_SUSE

HPSBGN03099

vendor-advisory

x_refsource_HP

61214

third-party-advisory

x_refsource_SECUNIA

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87

x_refsource_CONFIRM

http://linux.oracle.com/errata/ELSA-2014-1052.html

x_refsource_CONFIRM

60221

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21682293

x_refsource_CONFIRM

60778

third-party-advisory

x_refsource_SECUNIA

61184

third-party-advisory

x_refsource_SECUNIA

https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure

x_refsource_CONFIRM

SSRT101846

vendor-advisory

x_refsource_HP

RHSA-2014:1256

vendor-advisory

x_refsource_REDHAT

60022

third-party-advisory

x_refsource_SECUNIA

https://www.openssl.org/news/secadv_20140806.txt

x_refsource_CONFIRM

61017

third-party-advisory

x_refsource_SECUNIA

61250

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21683389

x_refsource_CONFIRM

69075

vdb-entry

x_refsource_BID

HPSBMU03304

vendor-advisory

x_refsource_HP

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

x_refsource_CONFIRM

http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html

x_refsource_CONFIRM

HPSBHF03293

vendor-advisory

x_refsource_HP

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

x_refsource_CONFIRM

60410

third-party-advisory

x_refsource_SECUNIA

HPSBMU03260

vendor-advisory

x_refsource_HP

60803

third-party-advisory

x_refsource_SECUNIA

60824

third-party-advisory

x_refsource_SECUNIA

HPSBUX03095

vendor-advisory

x_refsource_HP

59700

third-party-advisory

x_refsource_SECUNIA

FEDORA-2014-9308

vendor-advisory

x_refsource_FEDORA

1030693

vdb-entry

x_refsource_SECTRACK

59743

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2016:0640

vendor-advisory

x_refsource_SUSE

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

x_refsource_CONFIRM

60861

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21681752

x_refsource_CONFIRM

60917

third-party-advisory

x_refsource_SECUNIA

http://www.tenable.com/security/tns-2014-06

x_refsource_CONFIRM

60493

third-party-advisory

x_refsource_SECUNIA

59710

third-party-advisory

x_refsource_SECUNIA

60921

third-party-advisory

x_refsource_SECUNIA

HPSBOV03099

vendor-advisory

x_refsource_HP

59221

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240

x_refsource_CONFIRM

61100

third-party-advisory

x_refsource_SECUNIA

SUSE-SU-2015:0578

vendor-advisory

x_refsource_SUSE

FreeBSD-SA-14:18

vendor-advisory

x_refsource_FREEBSD

61775

third-party-advisory

x_refsource_SECUNIA

SSRT101894

vendor-advisory

x_refsource_HP

DSA-2998

vendor-advisory

x_refsource_DEBIAN

HPSBMU03263

vendor-advisory

x_refsource_HP

FEDORA-2014-9301

vendor-advisory

x_refsource_FEDORA

SSRT101674

vendor-advisory

x_refsource_HP

61959

third-party-advisory

x_refsource_SECUNIA

59756

third-party-advisory

x_refsource_SECUNIA

HPSBMU03267

vendor-advisory

x_refsource_HP

HPSBMU03261

vendor-advisory

x_refsource_HP

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

x_refsource_CONFIRM

58962

third-party-advisory

x_refsource_SECUNIA

http://linux.oracle.com/errata/ELSA-2014-1053.html

x_refsource_CONFIRM

61392

third-party-advisory

x_refsource_SECUNIA

60938

third-party-advisory

x_refsource_SECUNIA

60684

third-party-advisory

x_refsource_SECUNIA

https://support.citrix.com/article/CTX216642

x_refsource_CONFIRM

[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1127490

x_refsource_CONFIRM

openssl-cve20143508-info-disc(95165)

vdb-entry

x_refsource_XF

61171

third-party-advisory

x_refsource_SECUNIA

60687

third-party-advisory

x_refsource_SECUNIA

MDVSA-2014:158

vendor-advisory

x_refsource_MANDRIVA

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-3508

Description

Affected Products

References