The dtls1_reassemble_fragment function in d1_both.c in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Vulnerable Product |
---|
openssl openssl |
mariadb mariadb |
opensuse leap 42.1 |
opensuse opensuse 13.2 |
fedoraproject fedora 20 |
fedoraproject fedora 19 |

Synology finally patches OpenSSL bugs in Trevor's NAS
Sysadmin blog Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system this month. This squashes critical security bugs in version 4.2 of DSM – bugs that were fixed in version 5.0 in June, so consider this a back port. Version 4.2 is old but still in use in various models, such as the DS109. The update got me thinking about the security of NASes and similar devices on our networks. New build 3250 addresses a kernel-level security issue as well as the six Ope...
OpenBSD grump it isn't in the cool kids infosec club
OpenBSD founder Theo de Raadt said OpenSSL maintainers appeared to have intentionally not informed it about dangerous vulnerabilities found in the platform and patched today. The apparent feud stems from the April breakaway LibreSSL which was forked after developers found the OpenSSL code base to be unacceptably insecure in the wake of the Heartbleed vulnerability. LibreSSL would still contain OpenSSL vulnerabilities such as the most recent DTLS invalid fragmentation bug (CVE-2014-0195) and rel...
On a scale of 1 to Heartbleed, this is a 7
The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems. A DTLS invalid fragment bug (CVE-2014-0195, affects versions 0.9.8, 1.0.0 and 1.0.1) can be used to inject malicious code into vulnerable software in apps, devices and servers. DTLS is more or less TLS encryption over ...