CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8 (including)	0.9.8za (excluding)
Openssl	Openssl	1.0.0 (including)	1.0.0m (excluding)
Openssl	Openssl	1.0.1 (including)	1.0.1h (excluding)
Red Hat Enterprise Linux 5	RedHat	openssl-0:0.9.8e-27.el5_10.4	*
Red Hat Enterprise Linux 6	RedHat	openssl-0:1.0.1e-16.el6_5.14	*
Red Hat Enterprise Linux 7	RedHat	openssl-1:1.0.1e-34.el7_0.3	*
Red Hat JBoss Enterprise Application Platform 6.3	RedHat	openssl	*
Red Hat JBoss Web Server 2.1	RedHat		*
Red Hat Storage 2.1	RedHat	openssl-0:1.0.1e-16.el6_5.14	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	esm-infra-legacy/trusty	*
Openssl	Ubuntu	lucid	*
Openssl	Ubuntu	precise	*
Openssl	Ubuntu	saucy	*
Openssl	Ubuntu	trusty	*
Openssl	Ubuntu	trusty/esm	*
Openssl	Ubuntu	upstream	*
Openssl098	Ubuntu	devel	*
Openssl098	Ubuntu	precise	*
Openssl098	Ubuntu	saucy	*
Openssl098	Ubuntu	trusty	*
Openssl098	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0221
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References