View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-3470 severity moderate: SUSE including 245 source package names (compat-openssl097g-0.9.7g-146.22.25.1, compat-openssl097g-0.9.7g-146.22.29.1, …), 573 product×package rows across 73 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (73 product lines)): Fixed 379, Known Not Affected 194.
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.