CVE-2014-8275 | Vulnerability Database | Aqua Security

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificates unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	*	0.9.8zc (including)
Openssl	Openssl	1.0.0a (including)	1.0.0a (including)
Openssl	Openssl	1.0.0b (including)	1.0.0b (including)
Openssl	Openssl	1.0.0c (including)	1.0.0c (including)
Openssl	Openssl	1.0.0d (including)	1.0.0d (including)
Openssl	Openssl	1.0.0e (including)	1.0.0e (including)
Openssl	Openssl	1.0.0f (including)	1.0.0f (including)
Openssl	Openssl	1.0.0g (including)	1.0.0g (including)
Openssl	Openssl	1.0.0h (including)	1.0.0h (including)
Openssl	Openssl	1.0.0i (including)	1.0.0i (including)
Openssl	Openssl	1.0.0j (including)	1.0.0j (including)
Openssl	Openssl	1.0.0k (including)	1.0.0k (including)
Openssl	Openssl	1.0.0l (including)	1.0.0l (including)
Openssl	Openssl	1.0.0m (including)	1.0.0m (including)
Openssl	Openssl	1.0.0n (including)	1.0.0n (including)
Openssl	Openssl	1.0.0o (including)	1.0.0o (including)
Openssl	Openssl	1.0.1a (including)	1.0.1a (including)
Openssl	Openssl	1.0.1b (including)	1.0.1b (including)
Openssl	Openssl	1.0.1c (including)	1.0.1c (including)
Openssl	Openssl	1.0.1d (including)	1.0.1d (including)
Openssl	Openssl	1.0.1e (including)	1.0.1e (including)
Openssl	Openssl	1.0.1f (including)	1.0.1f (including)
Openssl	Openssl	1.0.1g (including)	1.0.1g (including)
Openssl	Openssl	1.0.1h (including)	1.0.1h (including)
Openssl	Openssl	1.0.1i (including)	1.0.1i (including)
Openssl	Openssl	1.0.1j (including)	1.0.1j (including)
Red Hat Enterprise Linux 5	RedHat	openssl-0:0.9.8e-33.el5_11	*
Red Hat Enterprise Linux 6	RedHat	openssl-0:1.0.1e-30.el6_6.5	*
Red Hat Enterprise Linux 7	RedHat	openssl-1:1.0.1e-34.el7_0.7	*
Openssl	Ubuntu	artful	*
Openssl	Ubuntu	bionic	*
Openssl	Ubuntu	cosmic	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	disco	*
Openssl	Ubuntu	lucid	*
Openssl	Ubuntu	precise	*
Openssl	Ubuntu	trusty	*
Openssl	Ubuntu	upstream	*
Openssl	Ubuntu	utopic	*
Openssl	Ubuntu	vivid	*
Openssl	Ubuntu	vivid/stable-phone-overlay	*
Openssl	Ubuntu	vivid/ubuntu-core	*
Openssl	Ubuntu	wily	*
Openssl	Ubuntu	xenial	*
Openssl	Ubuntu	yakkety	*
Openssl	Ubuntu	zesty	*
Openssl098	Ubuntu	precise	*
Openssl098	Ubuntu	trusty	*
Openssl098	Ubuntu	upstream	*
Openssl098	Ubuntu	utopic	*
Openssl098	Ubuntu	vivid	*

References

http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2
http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2
http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2
http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2
http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2
http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2
http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2
http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2
http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2
http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71935
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b
https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102
https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8275
CWE	https://cwe.mitre.org/data/definitions/310.html