CVE-2014-3507

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8 (including)	0.9.8 (including)
Openssl	Openssl	0.9.8a (including)	0.9.8a (including)
Openssl	Openssl	0.9.8b (including)	0.9.8b (including)
Openssl	Openssl	0.9.8c (including)	0.9.8c (including)
Openssl	Openssl	0.9.8d (including)	0.9.8d (including)
Openssl	Openssl	0.9.8e (including)	0.9.8e (including)
Openssl	Openssl	0.9.8f (including)	0.9.8f (including)
Openssl	Openssl	0.9.8g (including)	0.9.8g (including)
Openssl	Openssl	0.9.8h (including)	0.9.8h (including)
Openssl	Openssl	0.9.8i (including)	0.9.8i (including)
Openssl	Openssl	0.9.8j (including)	0.9.8j (including)
Openssl	Openssl	0.9.8k (including)	0.9.8k (including)
Openssl	Openssl	0.9.8l (including)	0.9.8l (including)
Openssl	Openssl	0.9.8m (including)	0.9.8m (including)
Openssl	Openssl	0.9.8m-beta1 (including)	0.9.8m-beta1 (including)
Openssl	Openssl	0.9.8n (including)	0.9.8n (including)
Openssl	Openssl	0.9.8o (including)	0.9.8o (including)
Openssl	Openssl	0.9.8p (including)	0.9.8p (including)
Openssl	Openssl	0.9.8q (including)	0.9.8q (including)
Openssl	Openssl	0.9.8r (including)	0.9.8r (including)
Openssl	Openssl	0.9.8s (including)	0.9.8s (including)
Openssl	Openssl	0.9.8t (including)	0.9.8t (including)
Openssl	Openssl	0.9.8u (including)	0.9.8u (including)
Openssl	Openssl	0.9.8v (including)	0.9.8v (including)
Openssl	Openssl	0.9.8w (including)	0.9.8w (including)
Openssl	Openssl	0.9.8x (including)	0.9.8x (including)
Openssl	Openssl	0.9.8y (including)	0.9.8y (including)
Openssl	Openssl	0.9.8za (including)	0.9.8za (including)
Openssl	Openssl	1.0.0 (including)	1.0.0 (including)
Openssl	Openssl	1.0.0-beta1 (including)	1.0.0-beta1 (including)
Openssl	Openssl	1.0.0-beta2 (including)	1.0.0-beta2 (including)
Openssl	Openssl	1.0.0-beta3 (including)	1.0.0-beta3 (including)
Openssl	Openssl	1.0.0-beta4 (including)	1.0.0-beta4 (including)
Openssl	Openssl	1.0.0-beta5 (including)	1.0.0-beta5 (including)
Openssl	Openssl	1.0.0a (including)	1.0.0a (including)
Openssl	Openssl	1.0.0b (including)	1.0.0b (including)
Openssl	Openssl	1.0.0c (including)	1.0.0c (including)
Openssl	Openssl	1.0.0d (including)	1.0.0d (including)
Openssl	Openssl	1.0.0e (including)	1.0.0e (including)
Openssl	Openssl	1.0.0f (including)	1.0.0f (including)
Openssl	Openssl	1.0.0g (including)	1.0.0g (including)
Openssl	Openssl	1.0.0h (including)	1.0.0h (including)
Openssl	Openssl	1.0.0i (including)	1.0.0i (including)
Openssl	Openssl	1.0.0j (including)	1.0.0j (including)
Openssl	Openssl	1.0.0k (including)	1.0.0k (including)
Openssl	Openssl	1.0.0l (including)	1.0.0l (including)
Openssl	Openssl	1.0.0m (including)	1.0.0m (including)
Openssl	Openssl	1.0.1 (including)	1.0.1 (including)
Openssl	Openssl	1.0.1-beta1 (including)	1.0.1-beta1 (including)
Openssl	Openssl	1.0.1-beta2 (including)	1.0.1-beta2 (including)
Openssl	Openssl	1.0.1-beta3 (including)	1.0.1-beta3 (including)
Openssl	Openssl	1.0.1a (including)	1.0.1a (including)
Openssl	Openssl	1.0.1b (including)	1.0.1b (including)
Openssl	Openssl	1.0.1c (including)	1.0.1c (including)
Openssl	Openssl	1.0.1d (including)	1.0.1d (including)
Openssl	Openssl	1.0.1e (including)	1.0.1e (including)
Openssl	Openssl	1.0.1f (including)	1.0.1f (including)
Openssl	Openssl	1.0.1g (including)	1.0.1g (including)
Openssl	Openssl	1.0.1h (including)	1.0.1h (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3507
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References