VYPR
Unrated severityNVD Advisory· Published Aug 13, 2014· Updated Jun 17, 2026

CVE-2014-5139

CVE-2014-5139

Description

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
    • (no CPE)range: <1.0.1i
  • osv-coords2 versions
    < 2.5.0-1.1+ 1 more
    • (no CPE)range: < 2.5.0-1.1
    • (no CPE)range: < 1.1.1l-1.2

Patches

Vulnerability mechanics

References

47

News mentions

0

No linked articles in our index yet.