CVE-2014-0195

Published: 05/06/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Vulnerable Product

openssl openssl

mariadb mariadb

opensuse leap 42.1

opensuse opensuse 13.2

fedoraproject fedora 20

fedoraproject fedora 19

Vendor Advisories

Debian Bug report logs - #775888 virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@tracker.debian.org>; Source for virtualbox is src:virtualbox (PTS, buildd, popcon) Reported by: Mori ...
Debian Bug report logs - #750665 openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Jeff Ballard < ...
Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195: Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. CVE-2014-0221: Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. CVE-20 ...
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224). Note: In order to exploit this flaw, both the server and the client must ...
Several security issues were fixed in OpenSSL ...
USN-2232-1 introduced a regression in OpenSSL ...
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial frag ...
Overview The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below: • CVE-2014-0224: SSL/TLS MITM vulnerability • CVE-2014-0221: DTLS recursion flaw • CVE-2014-0195: DTLS invalid fragment vulnerability • CVE-2014-0198: SSL_MODE_RELEASE_BUFFE ...

Github Repositories

OpenSSL heap overflow PoC (CVE-2014-0195)

CVE-2014-0195 OpenSSL heap overflow PoC (CVE-2014-0195)

Security router changelog

The securityrouter.org project is a network operating system and software distribution based on OpenBSD which is developed and maintained by Halon Security. New systems are deployed by downloading a software image. The easiest way to update existing systems is to perform an automatic update from within the product's administration. New major versions can contain configurat

Recent Articles

How long is too long to wait for a security fix?
The Register • Trevor Pott • 25 Jul 2014

Synology finally patches OpenSSL bugs in Trevor's NAS

Sysadmin blog Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system this month. This squashes critical security bugs in version 4.2 of DSM – bugs that were fixed in version 5.0 in June, so consider this a back port. Version 4.2 is old but still in use in various models, such as the DS109. The update got me thinking about the security of NASes and similar devices on our networks. New build 3250 addresses a kernel-level security issue as well as the six Ope...

Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt
The Register • Darren Pauli • 06 Jun 2014

OpenBSD grump it isn't in the cool kids infosec club

OpenBSD founder Theo De Raadt said OpenSSL maintainers appeared to have intentionally not informed it about dangerous vulnerabilities found in the platform and patched today. The apparent feud stems from the April break away LibreSSL which was forked after developers found the OpenSSL code base to be unacceptably insecure in the wake of the Heartbleed vulnerability. LibreSSL would still contain OpenSSL vulnerabilities such as the most recent DTLS invalid fragmentation bug (CVE-2014-0195) and rel...

Patch NOW: Six new bugs found in OpenSSL – including spying hole
The Register • John Leyden • 05 Jun 2014

On a scale of 1 to Heartbleed, this is a 7

The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems. A DTLS invalid fragment bug (CVE-2014-0195, affects versions 0.9.8, 1.0.0 and 1.0.1) can be used to inject malicious code into vulnerable software in apps, devices and servers. DTLS is more or less TLS encryption over ...

References

CWE-120