suse · CVE-2014-3512

Quick triage

Priority: high
Published: 2021-05-30 13:21:01 UTC
Updated: 2026-04-18 18:39:26 UTC

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

SUSE rates CVE-2014-3512 as severity important. The tracker lists 134 source package names (compat-openssl098, libcrypto38-2.5.0-1.1, …) and 335 product×package rows across 51 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, …). Status breakdown: Fixed 170, Known Not Affected 165.

Description:

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

cvelogic Threat Intelligence