OpenSSL CVE-2014-3513 Input Validation Bypass Vulnerability

Description

Severity: High

A flaw in the DTLS SRTP extension parsing code allows an attacker who sends a carefully crafted handshake message to cause OpenSSL to fail to free up to 64k of memory, causing a memory leak. This could be exploited in a Denial of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS, regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.

OpenSSL 1.0.1 users should upgrade to 1.0.1j. The build can be checked with `openssl version`: any 1.0.1 release before 1.0.1j is affected unless it was compiled with OPENSSL_NO_SRTP, which the version string alone does not reveal.

This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team. The fix was developed by the OpenSSL team.
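
The bug class the description refers to, as an added example that is not OpenSSL's code: a small C reimplementation of a DTLS server parsing the use_srtp ClientHello extension (RFC 5764, section 4.1.1). It copies the client's offered profile IDs to the heap before every length check has been made, so an early error return leaks that copy; the 16-bit profiles length allows up to 32767 two-byte IDs, which is where the "up to 64k" per handshake comes from in this model. Placing the leak on the MKI-length check is this example's assumption, since the advisory does not say which path leaked; with `fix == 1` the copy is released on that path too. The server's profile list may be empty, mirroring the point that the extension is parsed whether or not SRTP is configured. The `tracked_alloc`/`tracked_free` accounting and the sample extension bytes are constructed for the example.

```c
/*
 * Illustrative reimplementation (added example, not OpenSSL's code) of a DTLS
 * server parsing the use_srtp ClientHello extension (RFC 5764, 4.1.1):
 *   uint16 profiles_length;                 -- in bytes, even, at least 2
 *   uint16 profile_ids[profiles_length/2];
 *   uint8  mki_length;
 *   uint8  mki[mki_length];                 -- must use up the remaining bytes
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Allocation accounting so a leak shows up in a return value, not only in valgrind. */
static size_t live_bytes = 0;

static void *tracked_alloc(size_t n) {
    size_t *p = malloc(sizeof(size_t) + n);
    if (p == NULL) abort();
    *p = n;
    live_bytes += n;
    return p + 1;
}

static void tracked_free(void *q) {
    if (q == NULL) return;
    size_t *p = (size_t *)q - 1;
    live_bytes -= *p;
    free(p);
}

#define USE_SRTP_DECODE_ERROR (-1)   /* caller should send a decode_error alert */

/*
 * Pick the server's most preferred profile that the client also offers.
 * Returns 1 and sets *chosen on a match, 0 if there is no common profile (or
 * the server has none configured), USE_SRTP_DECODE_ERROR if malformed.
 * With fix == 0 the heap copy of the client's list is leaked on the
 * MKI-length error path (this example's stand-in for the real leak).
 */
int use_srtp_select(const uint8_t *ext, size_t len, const uint16_t *srv,
                    size_t srv_n, uint16_t *chosen, int fix)
{
    if (len < 3) return USE_SRTP_DECODE_ERROR;           /* length field + mki_length */
    size_t ct = ((size_t)ext[0] << 8) | ext[1];
    ext += 2; len -= 2;
    if (ct % 2 != 0 || ct < 2 || len < ct + 1) return USE_SRTP_DECODE_ERROR;

    /* Heap copy of the offered IDs: up to 32767 of them, just under 64 KiB,
     * allocated before the MKI check and owed back on every return path. */
    size_t clnt_n = ct / 2;
    uint16_t *clnt = tracked_alloc(clnt_n * sizeof(uint16_t));
    for (size_t i = 0; i < clnt_n; i++) {
        clnt[i] = (uint16_t)((ext[0] << 8) | ext[1]);
        ext += 2; len -= 2;
    }

    size_t mki_len = ext[0];                             /* MKI is only sanity-checked */
    ext++; len--;
    if (mki_len != len) {
        if (fix) tracked_free(clnt);                     /* the missing release */
        return USE_SRTP_DECODE_ERROR;
    }

    int ret = 0;
    for (size_t i = 0; i < srv_n && ret == 0; i++)
        for (size_t j = 0; j < clnt_n; j++)
            if (srv[i] == clnt[j]) { *chosen = srv[i]; ret = 1; break; }

    tracked_free(clnt);
    return ret;
}

/* Constructed inputs (not captured traffic). IDs are RFC 5764 values:
 * 0x0001 = SRTP_AES128_CM_HMAC_SHA1_80, 0x0002 = SRTP_AES128_CM_HMAC_SHA1_32. */
static const uint8_t GOOD_EXT[]    = { 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x00 };
/* Same profiles, but mki_length claims five trailing bytes that are not there. */
static const uint8_t BAD_MKI_EXT[] = { 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x05 };
static const uint16_t SERVER_PROFILES[] = { 0x0002, 0x0001 };

/* Bytes left allocated by one call against a server with no SRTP profiles
 * configured: the extension is parsed (and can leak) all the same. */
size_t leaked_by(const uint8_t *ext, size_t len, int fix) {
    uint16_t chosen = 0;
    size_t before = live_bytes;
    use_srtp_select(ext, len, NULL, 0, &chosen, fix);
    return live_bytes - before;
}

/* Selected profile ID for a well-formed extension against SERVER_PROFILES, or -1. */
int selected_profile(const uint8_t *ext, size_t len) {
    uint16_t chosen = 0;
    int r = use_srtp_select(ext, len, SERVER_PROFILES, 2, &chosen, 1);
    return r == 1 ? (int)chosen : -1;
}

int main(void) {
    printf("well-formed: chosen=0x%04x\n", selected_profile(GOOD_EXT, sizeof GOOD_EXT));
    printf("unfixed, bad MKI length: %zu bytes leaked\n", leaked_by(BAD_MKI_EXT, sizeof BAD_MKI_EXT, 0));
    printf("fixed,   bad MKI length: %zu bytes leaked\n", leaked_by(BAD_MKI_EXT, sizeof BAD_MKI_EXT, 1));
    return 0;
}
```

Compiling with `-fsanitize=address` and running `main` reports the unfixed call's allocation as a leak at exit; the tracked allocator exists only so the outcome is observable from return values. The point to carry over to real code review is that the list is owned from the moment it is allocated, so every later early return, not just the success path, has to release it.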

Affected Applications

OpenSSL

CVE References

CVE-2014-3513