Get In Touch
- Customer Support For immediate customer support please call +1-6174444699 or email us at support@akamai.com
- Contact Us Please get in touch with us here
X
Social
Under Attack?

The Akamai Blog Subscribe

OpenSSL Vulnerabilities

By Bill Brenner August 8, 2014 1:38 PM

On Wednesday, 2014-08-06, the OpenSSL Project disclosed nine low- and moderate-severity vulnerabilities, with details published here.

These are vulnerabilities that can potentially impact OpenSSL clients and servers worldwide.

We currently believe our services are not impacted by CVE-2014-3508, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, and CVE-2014-3512.

We are in the process of rolling out a fix to address vulnerabilities CVE-2014-3511 and CVE-2014-5139 for each of our relevant services.

Akamai is investigating the vulnerabilities further, and will provide additional communication if needed.

Some of the vulnerabilities, as outlined in the advisory, include:

An information leak in pretty printing functions
A crash condition with SRP ciphersuite in Server Hello message
A race condition in ssl_parse_serverhello_tlsext
Double Free when processing DTLS packets
A DTLS memory exhaustion condition
DTLS memory leak from zero-length fragments
An OpenSSL DTLS anonymous EC(DH) denial of service
An OpenSSL TLS protocol downgrade attack
```
A SRP buffer overrun
```