CVE-2014-0221

Published: 05/06/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The dtls1_get_message_fragment function in d1_both.c in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h allows remote malicious users to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Vulnerable Product

openssl openssl

redhat enterprise linux 6.0

redhat storage 2.1

redhat enterprise linux 5

fedoraproject fedora

mariadb mariadb

fedoraproject fedora 20

fedoraproject fedora 19

opensuse leap 42.1

opensuse opensuse 13.2

suse linux enterprise server 12

suse linux enterprise software development kit 12

suse linux enterprise desktop 12

suse linux enterprise workstation extension 12

Vendor Advisories

Debian Bug report logs - #775888 virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@tracker.debian.org>; Source for virtualbox is src:virtualbox (PTS, buildd, popcon) Reported by: Mori ...
Debian Bug report logs - #750665 openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Jeff Ballard < ...
Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195: Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. CVE-2014-0221: Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. CVE-20 ...
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server (CVE-2014-0224). Note: In order to exploit this flaw, both the server and the client must ...
Several security issues were fixed in OpenSSL ...
USN-2232-1 introduced a regression in OpenSSL ...
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash ...
Overview: The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below: • CVE-2014-0224: SSL/TLS MITM vulnerability • CVE-2014-0221: DTLS recursion flaw • CVE-2014-0195: DTLS invalid fragment vulnerability • CVE-2014-0198: SSL_MODE_RELEASE_BUFFE ...

Recent Articles

FireEye patches OS, torpedos Exploit-DB disclosure
The Register • Darren Pauli • 10 Jul 2014

Researcher suspended after zero-day dump

FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...
