cpe:/a:openssl:openssl:1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1 cpe:/a:openssl:openssl:1.0.1:beta2 cpe:/a:openssl:openssl:1.0.1:beta3 cpe:/a:openssl:openssl:1.0.1a cpe:/a:openssl:openssl:1.0.1b cpe:/a:openssl:openssl:1.0.1c cpe:/a:openssl:openssl:1.0.1d cpe:/a:openssl:openssl:1.0.1e cpe:/a:openssl:openssl:1.0.1f cpe:/a:openssl:openssl:1.0.1g cpe:/a:openssl:openssl:1.0.1h CVE-2014-5139 2014-08-13T19:55:07.717-04:00 2017-01-06T22:00:26.197-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2014-08-14T07:30:14.000-04:00 SECTRACK 1030693 SECUNIA 59700 SECUNIA 59710 SECUNIA 59756 SECUNIA 60022 SECUNIA 60221 SECUNIA 60493 SECUNIA 60803 SECUNIA 60810 SECUNIA 60917 SECUNIA 60921 SECUNIA 61017 SECUNIA 61100 SECUNIA 61171 SECUNIA 61184 SECUNIA 61392 SECUNIA 61775 SECUNIA 61959 BID 69077 DEBIAN DSA-2998 FREEBSD FreeBSD-SA-14:18 GENTOO GLSA-201412-39 HP HPSBMU03259 HP HPSBMU03261 HP HPSBMU03263 HP HPSBMU03267 HP HPSBMU03304 NETBSD NetBSD-SA2014-008 HP SSRT101818 HP SSRT101846 HP SSRT101894 HP SSRT101916 HP SSRT101921 HP SSRT101922 MLIST [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc CONFIRM http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html CONFIRM http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683389 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997 CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm CONFIRM http://www.tenable.com/security/tns-2014-06 CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0 CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e CONFIRM https://www.openssl.org/news/secadv_20140806.txt SUSE openSUSE-SU-2014:1052 The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.