NULL Pointer Dereference

CVE-2014-3571

Severity Medium
Score 5/10

Summary

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k, allows remote attackers to cause a Denial of Service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the 'dtls1_get_record' function in 'd1_pkt.c' and the 'ssl3_read_n' function in 's3_pkt.c'.
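
A version-range check for triage, as an added example that is not part of the original advisory: it parses OpenSSL's letter-suffixed version strings and compares them against the fixed releases named in the summary. The function names and the sample strings in the comments are constructed for illustration.

```python
import re

# Fixed releases named in the CVE-2014-3571 summary above, keyed by branch.
FIXED = {(0, 9, 8): "zd", (1, 0, 0): "p", (1, 0, 1): "k"}

# Matches e.g. "1.0.1f" inside "OpenSSL 1.0.1f 6 Jan 2014" (constructed sample).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(text):
    """Return ((major, minor, fix), patch_letters) from a version string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL-style version in {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def letter_key(letters):
    # Patch letters run "", a..z, za, zb, ...; comparing length first
    # keeps "z" < "za" < "zd", which plain string comparison also gets
    # right, but also keeps "" < "a" explicit.
    return (len(letters), letters)


def in_affected_range(text):
    """True if the version falls in a range the summary lists as affected."""
    base, letters = parse(text)
    if base < (0, 9, 8):
        return True  # "before 0.9.8zd", taken literally
    fixed = FIXED.get(base)
    if fixed is None:
        return False  # branch not named in the summary
    return letter_key(letters) < letter_key(fixed)
```

Distribution packages often carry backported fixes without changing the upstream version string, so a match here is a reason to consult the vendor's advisory for that package, not a confirmed exposure.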

  • LOW
  • NETWORK
  • NONE
  • NONE
  • NONE
  • PARTIAL

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published