CVE-2014-3509

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-3509

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-3509.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2014-3509

Downstream

DEBIAN-CVE-2014-3509

DSA-2998-1

RHSA-2014:1052

RHSA-2014:1054

RHSA-2015:0197

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2015:0546-1

SUSE-SU-2015:1185-1

UBUNTU-CVE-2014-3509

USN-2308-1

openSUSE-SU-2024:10271-1

openSUSE-SU-2024:10309-1

openSUSE-SU-2024:10529-1

openSUSE-SU-2024:11127-1

Related

Published

2014-08-13T23:55:07Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

References

Affected packages