CVE Vulnerabilities

CVE-2014-0221

Published: Jun 05, 2014 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V2: 4.3 MODERATE (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Affected Software

Name | Vendor | Start Version | End Version
Openssl | Openssl | 0.9.8 (including) | 0.9.8za (excluding)
Openssl | Openssl | 1.0.0 (including) | 1.0.0m (excluding)
Openssl | Openssl | 1.0.1 (including) | 1.0.1h (excluding)
Openssl | Ubuntu | devel | *
Openssl | Ubuntu | lucid | *
Openssl | Ubuntu | precise | *
Openssl | Ubuntu | saucy | *
Openssl | Ubuntu | trusty | *
Openssl | Ubuntu | upstream | *
Openssl098 | Ubuntu | devel | *
Openssl098 | Ubuntu | precise | *
Openssl098 | Ubuntu | saucy | *
Openssl098 | Ubuntu | trusty | *
Openssl098 | Ubuntu | upstream | *
Red Hat Enterprise Linux 5 | RedHat | openssl-0:0.9.8e-27.el5_10.4 | *
Red Hat Enterprise Linux 6 | RedHat | openssl-0:1.0.1e-16.el6_5.14 | *
Red Hat Enterprise Linux 7 | RedHat | openssl-1:1.0.1e-34.el7_0.3 | *
Red Hat JBoss Enterprise Application Platform 6.3 | RedHat | openssl | *
Red Hat JBoss Web Server 2.1 | RedHat | | *
Red Hat Storage 2.1 | RedHat | openssl-0:1.0.1e-16.el6_5.14 | *

References