cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8j cpe:/a:openssl:openssl:0.9.8k cpe:/a:openssl:openssl:0.9.8l cpe:/a:openssl:openssl:0.9.8m cpe:/a:openssl:openssl:0.9.8m:beta1 cpe:/a:openssl:openssl:0.9.8n cpe:/a:openssl:openssl:0.9.8o cpe:/a:openssl:openssl:0.9.8p cpe:/a:openssl:openssl:0.9.8q cpe:/a:openssl:openssl:0.9.8r cpe:/a:openssl:openssl:0.9.8s cpe:/a:openssl:openssl:0.9.8t cpe:/a:openssl:openssl:0.9.8u cpe:/a:openssl:openssl:0.9.8v cpe:/a:openssl:openssl:0.9.8w cpe:/a:openssl:openssl:0.9.8x cpe:/a:openssl:openssl:0.9.8y cpe:/a:openssl:openssl:0.9.8za cpe:/a:openssl:openssl:1.0.0 cpe:/a:openssl:openssl:1.0.0:beta1 cpe:/a:openssl:openssl:1.0.0:beta2 cpe:/a:openssl:openssl:1.0.0:beta3 cpe:/a:openssl:openssl:1.0.0:beta4 cpe:/a:openssl:openssl:1.0.0:beta5 cpe:/a:openssl:openssl:1.0.0a cpe:/a:openssl:openssl:1.0.0b cpe:/a:openssl:openssl:1.0.0c cpe:/a:openssl:openssl:1.0.0d cpe:/a:openssl:openssl:1.0.0e cpe:/a:openssl:openssl:1.0.0f cpe:/a:openssl:openssl:1.0.0g cpe:/a:openssl:openssl:1.0.0h cpe:/a:openssl:openssl:1.0.0i cpe:/a:openssl:openssl:1.0.0j cpe:/a:openssl:openssl:1.0.0k cpe:/a:openssl:openssl:1.0.0l cpe:/a:openssl:openssl:1.0.0m cpe:/a:openssl:openssl:1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1 cpe:/a:openssl:openssl:1.0.1:beta2 cpe:/a:openssl:openssl:1.0.1:beta3 cpe:/a:openssl:openssl:1.0.1a cpe:/a:openssl:openssl:1.0.1b cpe:/a:openssl:openssl:1.0.1c cpe:/a:openssl:openssl:1.0.1d cpe:/a:openssl:openssl:1.0.1e cpe:/a:openssl:openssl:1.0.1f cpe:/a:openssl:openssl:1.0.1g cpe:/a:openssl:openssl:1.0.1h CVE-2014-3508 2014-08-13T19:55:07.497-04:00 2017-11-14T21:29:04.203-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2014-08-14T10:49:47.963-04:00 SECTRACK 1030693 SECUNIA 58962 SECUNIA 59221 SECUNIA 59700 SECUNIA 59710 SECUNIA 59743 SECUNIA 59756 SECUNIA 60022 SECUNIA 60221 SECUNIA 60410 SECUNIA 60493 SECUNIA 60684 SECUNIA 60687 SECUNIA 60778 SECUNIA 60803 SECUNIA 60824 SECUNIA 60861 SECUNIA 60917 SECUNIA 60921 SECUNIA 60938 SECUNIA 61017 SECUNIA 61100 SECUNIA 61171 SECUNIA 61184 SECUNIA 61214 SECUNIA 61250 SECUNIA 61392 SECUNIA 61775 SECUNIA 61959 BID 69075 DEBIAN DSA-2998 FEDORA FEDORA-2014-9301 FEDORA FEDORA-2014-9308 FREEBSD FreeBSD-SA-14:18 HP HPSBGN03099 HP HPSBMU03261 HP HPSBMU03263 HP HPSBMU03267 HP HPSBMU03304 HP HPSBOV03099 HP HPSBUX03095 MANDRIVA MDVSA-2014:158 NETBSD NetBSD-SA2014-008 REDHAT RHSA-2014:1256 REDHAT RHSA-2014:1297 HP SSRT101674 HP SSRT101846 HP SSRT101894 SUSE SUSE-SU-2015:0578 MLIST [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc CONFIRM http://linux.oracle.com/errata/ELSA-2014-1052.html CONFIRM http://linux.oracle.com/errata/ELSA-2014-1053.html CONFIRM http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21681752 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683389 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997 CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm CONFIRM http://www.tenable.com/security/tns-2014-06 CONFIRM https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1127490 CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87 CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 CONFIRM https://support.citrix.com/article/CTX216642 CONFIRM https://www.openssl.org/news/secadv_20140806.txt SUSE openSUSE-SU-2014:1052 SUSE openSUSE-SU-2016:0640 XF openssl-cve20143508-info-disc(95165) The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.