CVE-2014-0221CVE-2014-0221

Affected configuration(s):

cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.8a
cpe:/a:openssl:openssl:0.9.8b
cpe:/a:openssl:openssl:0.9.8c
cpe:/a:openssl:openssl:0.9.8d
cpe:/a:openssl:openssl:0.9.8e
cpe:/a:openssl:openssl:0.9.8f
cpe:/a:openssl:openssl:0.9.8g
cpe:/a:openssl:openssl:0.9.8h
cpe:/a:openssl:openssl:0.9.8i
cpe:/a:openssl:openssl:0.9.8j
cpe:/a:openssl:openssl:0.9.8k
cpe:/a:openssl:openssl:0.9.8l
cpe:/a:openssl:openssl:0.9.8m
cpe:/a:openssl:openssl:0.9.8m:beta1
cpe:/a:openssl:openssl:0.9.8n
cpe:/a:openssl:openssl:0.9.8o
cpe:/a:openssl:openssl:0.9.8p
cpe:/a:openssl:openssl:0.9.8q
cpe:/a:openssl:openssl:0.9.8r
cpe:/a:openssl:openssl:0.9.8s
cpe:/a:openssl:openssl:0.9.8t
cpe:/a:openssl:openssl:0.9.8u
cpe:/a:openssl:openssl:0.9.8v
cpe:/a:openssl:openssl:0.9.8w
cpe:/a:openssl:openssl:0.9.8x
cpe:/a:openssl:openssl:0.9.8y
cpe:/a:openssl:openssl:1.0.0
cpe:/a:openssl:openssl:1.0.0:beta1
cpe:/a:openssl:openssl:1.0.0:beta2
cpe:/a:openssl:openssl:1.0.0:beta3
cpe:/a:openssl:openssl:1.0.0:beta4
cpe:/a:openssl:openssl:1.0.0:beta5
cpe:/a:openssl:openssl:1.0.0a
cpe:/a:openssl:openssl:1.0.0b
cpe:/a:openssl:openssl:1.0.0c
cpe:/a:openssl:openssl:1.0.0d
cpe:/a:openssl:openssl:1.0.0e
cpe:/a:openssl:openssl:1.0.0f
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0i
cpe:/a:openssl:openssl:1.0.0j
cpe:/a:openssl:openssl:1.0.0k
cpe:/a:openssl:openssl:1.0.0l
cpe:/a:openssl:openssl:1.0.1
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/a:openssl:openssl:1.0.1a
cpe:/a:openssl:openssl:1.0.1b
cpe:/a:openssl:openssl:1.0.1c
cpe:/a:openssl:openssl:1.0.1d
cpe:/a:openssl:openssl:1.0.1e
cpe:/a:openssl:openssl:1.0.1f
cpe:/a:openssl:openssl:1.0.1g
cpe:/a:redhat:storage:2.1
cpe:/o:fedoraproject:fedora
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:6

Date published: 2014-06-05T17:55:06.207-04:00

Date last modified: 2017-11-14T21:29:03.110-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

Summary: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.