CVE-2014-3505

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8 (including)	0.9.8 (including)
Openssl	Openssl	0.9.8a (including)	0.9.8a (including)
Openssl	Openssl	0.9.8b (including)	0.9.8b (including)
Openssl	Openssl	0.9.8c (including)	0.9.8c (including)
Openssl	Openssl	0.9.8d (including)	0.9.8d (including)
Openssl	Openssl	0.9.8e (including)	0.9.8e (including)
Openssl	Openssl	0.9.8f (including)	0.9.8f (including)
Openssl	Openssl	0.9.8g (including)	0.9.8g (including)
Openssl	Openssl	0.9.8h (including)	0.9.8h (including)
Openssl	Openssl	0.9.8i (including)	0.9.8i (including)
Openssl	Openssl	0.9.8j (including)	0.9.8j (including)
Openssl	Openssl	0.9.8k (including)	0.9.8k (including)
Openssl	Openssl	0.9.8l (including)	0.9.8l (including)
Openssl	Openssl	0.9.8m (including)	0.9.8m (including)
Openssl	Openssl	0.9.8m-beta1 (including)	0.9.8m-beta1 (including)
Openssl	Openssl	0.9.8n (including)	0.9.8n (including)
Openssl	Openssl	0.9.8o (including)	0.9.8o (including)
Openssl	Openssl	0.9.8p (including)	0.9.8p (including)
Openssl	Openssl	0.9.8q (including)	0.9.8q (including)
Openssl	Openssl	0.9.8r (including)	0.9.8r (including)
Openssl	Openssl	0.9.8s (including)	0.9.8s (including)
Openssl	Openssl	0.9.8t (including)	0.9.8t (including)
Openssl	Openssl	0.9.8u (including)	0.9.8u (including)
Openssl	Openssl	0.9.8v (including)	0.9.8v (including)
Openssl	Openssl	0.9.8w (including)	0.9.8w (including)
Openssl	Openssl	0.9.8x (including)	0.9.8x (including)
Openssl	Openssl	0.9.8y (including)	0.9.8y (including)
Openssl	Openssl	0.9.8za (including)	0.9.8za (including)
Openssl	Openssl	1.0.0 (including)	1.0.0 (including)
Openssl	Openssl	1.0.0-beta1 (including)	1.0.0-beta1 (including)
Openssl	Openssl	1.0.0-beta2 (including)	1.0.0-beta2 (including)
Openssl	Openssl	1.0.0-beta3 (including)	1.0.0-beta3 (including)
Openssl	Openssl	1.0.0-beta4 (including)	1.0.0-beta4 (including)
Openssl	Openssl	1.0.0-beta5 (including)	1.0.0-beta5 (including)
Openssl	Openssl	1.0.0a (including)	1.0.0a (including)
Openssl	Openssl	1.0.0b (including)	1.0.0b (including)
Openssl	Openssl	1.0.0c (including)	1.0.0c (including)
Openssl	Openssl	1.0.0d (including)	1.0.0d (including)
Openssl	Openssl	1.0.0e (including)	1.0.0e (including)
Openssl	Openssl	1.0.0f (including)	1.0.0f (including)
Openssl	Openssl	1.0.0g (including)	1.0.0g (including)
Openssl	Openssl	1.0.0h (including)	1.0.0h (including)
Openssl	Openssl	1.0.0i (including)	1.0.0i (including)
Openssl	Openssl	1.0.0j (including)	1.0.0j (including)
Openssl	Openssl	1.0.0k (including)	1.0.0k (including)
Openssl	Openssl	1.0.0l (including)	1.0.0l (including)
Openssl	Openssl	1.0.0m (including)	1.0.0m (including)
Openssl	Openssl	1.0.1 (including)	1.0.1 (including)
Openssl	Openssl	1.0.1-beta1 (including)	1.0.1-beta1 (including)
Openssl	Openssl	1.0.1-beta2 (including)	1.0.1-beta2 (including)
Openssl	Openssl	1.0.1-beta3 (including)	1.0.1-beta3 (including)
Openssl	Openssl	1.0.1a (including)	1.0.1a (including)
Openssl	Openssl	1.0.1b (including)	1.0.1b (including)
Openssl	Openssl	1.0.1c (including)	1.0.1c (including)
Openssl	Openssl	1.0.1d (including)	1.0.1d (including)
Openssl	Openssl	1.0.1e (including)	1.0.1e (including)
Openssl	Openssl	1.0.1f (including)	1.0.1f (including)
Openssl	Openssl	1.0.1g (including)	1.0.1g (including)
Openssl	Openssl	1.0.1h (including)	1.0.1h (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3505
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References