OpenSSL CVE-2014-3510 Vulnerability

Description

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb.
OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.

Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014. The fix was developed by Emilia Käsper of the OpenSSL development team.
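The following is an added example, not part of the original advisory: a Python check that classifies a version string (in the format printed by `openssl version`) against the fixed releases listed above. The function names and sample strings are constructed for illustration, and the ordering of patch letters (`z`, then `za`, `zb`, ...) is assumed from OpenSSL's release naming for these branches.

```python
import re

# Fixed releases per branch, taken from the advisory text above.
FIXED = {
    (0, 9, 8): "zb",
    (1, 0, 0): "n",
    (1, 0, 1): "i",
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), letters) from e.g. 'OpenSSL 1.0.1h'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    return branch, m.group(4)


def _letter_key(letters):
    # Assumed ordering: "", a..z, then za, zb, ... so a longer suffix is
    # always newer than a shorter one; equal lengths compare alphabetically.
    return (len(letters), letters)


def dtls_client_status(text):
    """Classify a version string as 'affected', 'fixed' or 'unknown'."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # branch is not named in the advisory
    if _letter_key(letters) >= _letter_key(fixed):
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings, not output captured from real hosts.
    samples = ["OpenSSL 0.9.8y", "OpenSSL 0.9.8za", "OpenSSL 0.9.8zb",
               "OpenSSL 1.0.0", "OpenSSL 1.0.1h", "OpenSSL 1.0.1i",
               "OpenSSL 1.0.2"]
    for sample in samples:
        print(f"{sample:18} {dtls_client_status(sample)}")
```

A version string alone cannot show whether a distribution has backported the fix without changing the patch letter, so treat "affected" as a prompt to check the vendor's package changelog.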

Affected Applications

OpenSSL

CVE References

CVE-2014-3510