CVE-2014-8275

EPSS 8.73% · P93 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-8275

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSL 加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL中存在安全漏洞，该漏洞源于程序没有适当限制证书数据。远程攻击者可通过在证书无符号部分添加特制数据，利用该漏洞破坏fingerprint-based certificate-blacklist保护机制。以下版本受到影响：OpenSSL 0.9.8zd之前版本，1.0.0p之前1.0.0版本，1.0.

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-8275

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/uthrasri/Openssl_G2.5_CVE-2014-8275	POC Details
2	None	https://github.com/uthrasri/CVE-2014-8275_openssl_g2.5	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-8275

Please Login to view more intelligence information

https://bto.bluecoat.com/security-advisory/sa88x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10108x_refsource_CONFIRM
https://support.citrix.com/article/CTX216642x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811bx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10102x_refsource_CONFIRM
https://support.apple.com/HT204659x_refsource_CONFIRM
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3ex_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
https://www.openssl.org/news/secadv_20150108.txtx_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/71935vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1033378vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3125vendor-advisoryx_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=142721102728110&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2vendor-advisoryx_refsource_HP
'[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARCvendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=144050297101809&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142720981827617&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=143748090628601&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=144050205101530&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=144050254401665&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2vendor-advisoryx_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0066.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-0800.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019vendor-advisoryx_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisoryx_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlvendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlvendor-advisoryx_refsource_SUSE
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisoryx_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlvendor-advisoryx_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2014-8275

Same Patch Batch · n/a · 2015-01-09 · 29 CVEs total

CVE-2015-0922		McAfee ePolicy Orchestrator 信息泄露漏洞
CVE-2015-0206		OpenSSL ‘dtls1_buffer_record’函数缓冲区错误漏洞
CVE-2015-0205		OpenSSL ‘ssl3_get_cert_verify’函数加密问题漏洞
CVE-2015-0204		OpenSSL 加密问题漏洞
CVE-2014-8033		Cisco WebEx Meetings Server play/modules组件授权问题漏洞
CVE-2014-8032		Cisco WebEx Meetings Server OutlookAction LI 信息泄露漏洞
CVE-2014-8031		Cisco WebEx Meetings Server 跨站请求伪造漏洞
CVE-2014-8030		Cisco WebEx Meetings Server 跨站脚本漏洞
CVE-2014-8029		Cisco Secure Access Control System Web界面开放重定向漏洞
CVE-2014-8028		Cisco Secure Access Control System Web框架跨站脚本漏洞
CVE-2014-8027		Cisco Secure Access Control System RBAC组件权限许可和访问控制漏洞
CVE-2014-3572		OpenSSL ‘ssl3_get_key_exchange’函数加密问题漏洞
CVE-2014-3571		OpenSSL 拒绝服务漏洞
CVE-2014-3570		OpenSSL BN_sqr实现加密问题漏洞
CVE-2014-9529		Linux Kernel 本地内存损坏漏洞
CVE-2015-0921		McAfee ePolicy Orchestrator XML外部实体漏洞
CVE-2014-9510		TP-LINK TL-WR840N 跨站请求伪造漏洞
CVE-2014-9505		Drupal School Administration模块跨站脚本漏洞
CVE-2014-9501		Drupal Poll Chart Block模块跨站脚本漏洞
CVE-2014-9500		Drupal MoIP模块跨站脚本漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-8275

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-8275

I. Basic Information for CVE-2014-8275

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-8275

III. Intelligence Information for CVE-2014-8275

Same Patch Batch · n/a · 2015-01-09 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-8275

Leave a comment