NULL Pointer Dereference

CVE-2014-3470

Medium

4.3/10

Summary

The "ssl3_send_client_key_exchange" function in "s3_clnt.c" in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory
Issue
Advisory

Advisory Timeline

Published Jun 05, 2014

NULL Pointer Dereference

CVE-2014-3470

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS