|
gptkbp:instance_of
|
gptkb:vulnerability
|
|
gptkbp:affected_libraries
|
libssl.
|
|
gptkbp:affected_platforms
|
Linux.
|
|
gptkbp:affected_protocols
|
TLS.
|
|
gptkbp:affected_versions_range
|
1.0.1f to 1.0.1g.
|
|
gptkbp:broadcasts
|
Open SSL team.
|
|
gptkbp:components
|
SSL/ TLS.
|
|
gptkbp:cve_id
|
CVE-2014-3475.
|
|
gptkbp:cvss_access_complexity
|
Low.
|
|
gptkbp:cvss_authentication
|
None.
|
|
gptkbp:cvss_availability_impact
|
Complete.
|
|
gptkbp:cvss_base_score
|
5.0.
|
|
gptkbp:cvss_confidentiality_impact
|
None.
|
|
gptkbp:cvss_environmental_score
|
3.0.
|
|
gptkbp:cvss_integrity_impact
|
None.
|
|
gptkbp:cvss_temporal_score
|
4.0.
|
|
gptkbp:description
|
A vulnerability in the Open SSL library.
|
|
gptkbp:difficulty_levels
|
gptkb:High
|
|
gptkbp:disclosure_method
|
Public.
|
|
gptkbp:discovery_year
|
2014-06-05.
|
|
gptkbp:distributor
|
Open SSL Software Foundation.
|
|
gptkbp:environmental_initiatives
|
Upgrade Open SSL.
|
|
gptkbp:exploit_code
|
Available.
|
|
gptkbp:exploit_impact
|
Denial of service.
|
|
gptkbp:exploitability_assessment
|
High.
|
|
gptkbp:exploitability_status
|
Exploitable.
|
|
gptkbp:first_published
|
2014-07-09
|
|
gptkbp:fix_date
|
2014-07-09.
|
|
gptkbp:has_advisory_board
|
Open SSL Security Advisory.
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2014-3475
|
|
gptkbp:impact
|
Critical.
Denial of service via crafted packets.
Allows remote attackers to cause a denial of service.
|
|
gptkbp:investment
|
High.
|
|
gptkbp:is_a_solution_for
|
Upgrade to Open SSL 1.0.1h or 1.0.2.
|
|
gptkbp:is_referenced_in
|
https://www.openssl.org/news/secadv_20140709.txt
|
|
gptkbp:is_vulnerable_to
|
Yes.
3.9.
Buffer overflow.
Exploitable.
|
|
gptkbp:latest_version
|
Open SSL 1.0.1f to 1.0.1g.
|
|
gptkbp:prevention
|
Apply patches.
|
|
gptkbp:provides_support_for
|
Open SSL 1.0.1 and 1.0.2.
|
|
gptkbp:publication_year
|
2014-07-09
|
|
gptkbp:published_in
|
NVD.
|
|
gptkbp:regulatory_compliance
|
Open SSL Security Advisory.
|
|
gptkbp:related_cwe
|
CWE-119.
|
|
gptkbp:released
|
Yes.
|
|
gptkbp:remediation_status
|
Remediated.
|
|
gptkbp:reports_to
|
2014-07-09.
CERT.
|
|
gptkbp:score
|
5.0.
|
|
gptkbp:security
|
High.
|
|
gptkbp:source
|
Open SSL.
|
|
gptkbp:status
|
Resolved.
|
|
gptkbp:type
|
Denial of Service.
|
|
gptkbp:vector
|
Remote.
|
|
gptkbp:vulnerability_class
|
Security.
|
|
gptkbp:vulnerability_disclosure
|
Publicly disclosed.
|
|
gptkbp:vulnerability_severity
|
Critical.
|
|
gptkbp:vulnerability_type_description
|
Buffer overflow leading to denial of service.
|