OpenSSL Session Ticket Memory Leak Vulnerability (CVE-2014-3567)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <1.0.1j
Description:
Bugtraq id: 70586
CVE (CAN) ID: CVE-2014-3567
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
When an OpenSSL SSL/TLS/DTLS server receives a session ticket, it first checks the ticket's integrity. If that check fails, OpenSSL does not release the memory, which causes a memory leak. By sending a large number of invalid session tickets, an attacker can exploit this vulnerability to cause a denial of service (DoS).
<* Source: OpenSSL Project
Link: https://www.openssl.org/news/secadv_20141015.txt
*>
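The failure-path leak described above, shown as a simplified C model added here. It is not OpenSSL source: every name in it (`ticket_ctx`, `process_ticket`, `toy_tag`, `live_ctx`) and the sample ticket bytes are constructed for illustration, and the XOR tag only stands in for the real integrity check.

```c
/* Simplified model of the leak pattern; NOT OpenSSL code. All names are hypothetical. */
#include <stdlib.h>
#include <string.h>

static long live_ctx = 0;   /* contexts allocated and not yet freed */

typedef struct { unsigned char *buf; size_t len; } ticket_ctx;

static ticket_ctx *ctx_new(size_t len) {
    ticket_ctx *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->buf = malloc(len);
    if (!c->buf) { free(c); return NULL; }
    c->len = len;
    live_ctx++;
    return c;
}

static void ctx_free(ticket_ctx *c) {
    if (!c) return;
    free(c->buf);
    free(c);
    live_ctx--;
}

/* Toy integrity tag (XOR of all bytes); a stand-in for the real MAC check. */
static unsigned char toy_tag(const unsigned char *p, size_t n) {
    unsigned char t = 0x5a;
    for (size_t i = 0; i < n; i++) t ^= p[i];
    return t;
}

/* Returns 1 = accepted, 0 = integrity failure, -1 = error.
 * release_on_failure == 0 models the flaw: the failure path returns
 * without releasing the context set up for this ticket. */
int process_ticket(const unsigned char *t, size_t n, int release_on_failure) {
    if (n < 2) return -1;
    ticket_ctx *c = ctx_new(n - 1);
    if (!c) return -1;
    memcpy(c->buf, t, n - 1);
    if (toy_tag(c->buf, c->len) != t[n - 1]) {      /* last byte is the tag */
        if (release_on_failure) ctx_free(c);        /* the release the flawed path omits */
        return 0;
    }
    ctx_free(c);
    return 1;
}

/* Feed `count` constructed invalid tickets; return how many contexts stay allocated. */
long leaked_after(int count, int release_on_failure) {
    const unsigned char bad[] = { 't', 'k', 't', 0x00 };   /* constructed; tag is wrong */
    long before = live_ctx;
    for (int i = 0; i < count; i++)
        process_ticket(bad, sizeof bad, release_on_failure);
    return live_ctx - before;
}
```

In the model, the number of stranded contexts grows linearly with the number of rejected tickets, which is why steady growth in a TLS server's resident memory is the symptom to watch for on unpatched builds.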
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a security advisory (secadv_20141015) and the corresponding patch:
secadv_20141015: OpenSSL Security Advisory [15 Oct 2014]
Link: https://www.openssl.org/news/secadv_20141015.txt