The dtls1_get_message_fragment function in d1_both.c in OpenSSL prior to 0.9.8za, 1.0.0 prior to 1.0.0m, and 1.0.1 prior to 1.0.1h allows remote malicious users to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Vulnerable Product |
---|
openssl openssl |
redhat enterprise linux 6.0 |
redhat storage 2.1 |
redhat enterprise linux 5 |
fedoraproject fedora |
mariadb mariadb |
fedoraproject fedora 20 |
fedoraproject fedora 19 |
opensuse leap 42.1 |
opensuse opensuse 13.2 |
suse linux enterprise server 12 |
suse linux enterprise software development kit 12 |
suse linux enterprise desktop 12 |
suse linux enterprise workstation extension 12 |

Researcher suspended after zero-day dump
FireEye has patched a series of publicly disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The company urged customers to apply fixes. "FireEye encourages all customers to upgrade to the most current releases as soon as practical - especially customers running versions ...