suse · CVE-2014-3470

Quick triage

Priority: medium Published: 2021-05-30 13:20:52 UTC Updated: 2026-04-18 18:39:44 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-3470 severity moderate: SUSE including 245 source package names (compat-openssl097g-0.9.7g-146.22.25.1, compat-openssl097g-0.9.7g-146.22.29.1, …), 573 product×package rows across 73 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (73 product lines)): Fixed 379, Known Not Affected 194.

Description:

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

cvelogic Threat Intelligence