Cisco Bug: CSCuq35656 - August 6, 2014 OpenSSL Vulnerabilities

Last Modified

Dec 21, 2018

Products (1)

Cisco Jabber Video for TelePresence (Movi)

Known Affected Releases

4.8

Description (partial)

Symptom:
This product includes a version of OpenSSL that could be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: 

 * Information leak in pretty printing functions (CVE-2014-3508)
 * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
 * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
 * Double Free when processing DTLS packets (CVE-2014-3505)
 * DTLS memory exhaustion (CVE-2014-3506)
 * DTLS memory leak from zero-length fragments (CVE-2014-3507)
 * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
 * OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
 * SRP buffer overrun (CVE-2014-3512)

This bug has been opened to investigate and address the potential impact on this product.

Conditions:
Device with default configuration.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts