NULL Pointer Dereference
CVE-2014-3571
Summary
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body. The issue is related to the 'dtls1_get_record' function in 'd1_pkt.c' and the 'ssl3_read_n' function in 's3_pkt.c'.
- LOW
- NETWORK
- NONE
- NONE
- NONE
- PARTIAL
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Advisory Timeline
- Published