CVE-2014-0221

Severity

43%

Complexity

86%

Confidentiality

48%

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 11 years ago

2014-06-05 21:55:00

Last updated 6 years ago

2019-04-22 17:48:00

Affected Software

OpenSSL Project OpenSSL 1.0.0

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta1

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta2

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta3

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta4

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta5

1.0.0

OpenSSL Project OpenSSL 1.0.0a

1.0.0a

OpenSSL Project OpenSSL 1.0.0b

1.0.0b

OpenSSL Project OpenSSL 1.0.0c

1.0.0c

OpenSSL Project OpenSSL 1.0.0d

1.0.0d

OpenSSL Project OpenSSL 1.0.0e

1.0.0e

OpenSSL Project OpenSSL 1.0.0f

1.0.0f

OpenSSL Project OpenSSL 1.0.0g

1.0.0g

OpenSSL Project OpenSSL 1.0.0h

1.0.0h

OpenSSL Project OpenSSL 1.0.0i

1.0.0i

OpenSSL Project OpenSSL 1.0.0j

1.0.0j

OpenSSL Project OpenSSL 1.0.0k

1.0.0k

OpenSSL Project OpenSSL 1.0.0l

1.0.0l

Red Hat Storage 2.1

2.1

Fedora

Red Hat Enterprise Linux 5

5

Red Hat Enterprise Linux 6.0

6.0

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

OpenSSL Project OpenSSL 0.9.8c

0.9.8c

OpenSSL Project OpenSSL 0.9.8d

0.9.8d

OpenSSL Project OpenSSL 0.9.8e

0.9.8e

OpenSSL Project OpenSSL 0.9.8f

0.9.8f

OpenSSL Project OpenSSL 0.9.8g

0.9.8g

OpenSSL Project OpenSSL 0.9.8h

0.9.8h

OpenSSL Project OpenSSL 0.9.8i

0.9.8i

OpenSSL Project OpenSSL 0.9.8j

0.9.8j

OpenSSL Project OpenSSL 0.9.8k

0.9.8k

OpenSSL Project OpenSSL 0.9.8l

0.9.8l

OpenSSL Project OpenSSL 0.9.8m

0.9.8m

OpenSSL Project OpenSSL 0.9.8m Beta1

0.9.8m

OpenSSL Project OpenSSL 0.9.8n

0.9.8n

OpenSSL Project OpenSSL 0.9.8o

0.9.8o

OpenSSL Project OpenSSL 0.9.8p

0.9.8p

OpenSSL Project OpenSSL 0.9.8q

0.9.8q

OpenSSL Project OpenSSL 0.9.8r

0.9.8r

OpenSSL Project OpenSSL 0.9.8s

0.9.8s

OpenSSL Project OpenSSL 0.9.8t

0.9.8t

OpenSSL Project OpenSSL 0.9.8u

0.9.8u

OpenSSL Project OpenSSL 0.9.8v

0.9.8v

OpenSSL Project OpenSSL 0.9.8w

0.9.8w

OpenSSL Project OpenSSL 0.9.8x

0.9.8x

OpenSSL Project OpenSSL

OpenSSL Project OpenSSL 1.0.1

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta1

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta2

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta3

1.0.1

OpenSSL Project OpenSSL 1.0.1a

1.0.1a

OpenSSL Project OpenSSL 1.0.1b

1.0.1b

OpenSSL Project OpenSSL 1.0.1c

1.0.1c

OpenSSL Project OpenSSL 1.0.1d

1.0.1d

OpenSSL Project OpenSSL 1.0.1e

1.0.1e

OpenSSL Project OpenSSL 1.0.1f

1.0.1f

OpenSSL Project OpenSSL 1.0.1g

1.0.1g

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

http://linux.oracle.com/errata/ELSA-2014-1053.html

FEDORA-2014-9301

FEDORA-2014-9308

SUSE-SU-2015:0743

openSUSE-SU-2016:0640

HPSBUX03046

HPSBOV03047

HPSBMU03057

HPSBMU03056

HPSBMU03055

HPSBMU03051

HPSBGN03050

HPSBMU03065

HPSBMU03069

HPSBMU03074

HPSBMU03062

HPSBMU03076

RHSA-2014:1021

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

58337

58615

58713

58714

58939

58945

58977

59027

59120

59126

59162

59167

59175

59189

59192

59221

59284

59287

59300

59301

59306

59310

59342

59364

59365

59413

59429

59437

59441

59449

59450

59451

59454

59460

59490

59491

59495

59514

59518

59528

59655

59659

59666

59669

59721

59784

59895

59990

60571

60687

61254

GLSA-201407-05

http://support.apple.com/kb/HT6443

http://support.citrix.com/article/CTX140876

20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

http://www.blackberry.com/btsc/KB36051

http://www.fortiguard.com/advisory/FG-IR-14-018/

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

http://www.ibm.com/support/docview.wss?uid=swg21676226

http://www.ibm.com/support/docview.wss?uid=swg21676356

http://www.ibm.com/support/docview.wss?uid=swg21676793

http://www.ibm.com/support/docview.wss?uid=swg24037783

MDVSA-2014:105

MDVSA-2014:106

MDVSA-2015:062

http://www.novell.com/support/kb/doc.php?id=7015264

http://www.novell.com/support/kb/doc.php?id=7015300

http://www.openssl.org/news/secadv_20140605.txt

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

67901

1030337

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

https://bugzilla.redhat.com/show_bug.cgi?id=1103593

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

https://kb.bluecoat.com/index?page=content&id=SA80

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

https://www.novell.com/support/kb/doc.php?id=7015271

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.