Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-0195HistoryJun 05, 2014 - 9:55 p.m.
CVE-2014-0195
2014-06-0521:55:00
Debian Security Bug Tracker
security-tracker.debian.org
14
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssl | < 1.0.1h-1 | openssl_1.0.1h-1_all.deb |
| Debian | 11 | all | openssl | < 1.0.1h-1 | openssl_1.0.1h-1_all.deb |
| Debian | 10 | all | openssl | < 1.0.1h-1 | openssl_1.0.1h-1_all.deb |
| Debian | 999 | all | openssl | < 1.0.1h-1 | openssl_1.0.1h-1_all.deb |
| Debian | 13 | all | openssl | < 1.0.1h-1 | openssl_1.0.1h-1_all.deb |
Related
veracode
veracode
Denial Of Service (DoS) Through Buffer Overflow
2017-02-07 02:27:14
mariadbunix
mariadbunix
CVE-2014-0195
2014-06-05 21:55:06
nessus
nessus
Rockwell Automation Stratix DTLS Invalid Fragment (CVE-2014-0195)
2023-11-15 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K15356)
2014-10-10 00:00:00
Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL
2014-06-18 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)
2014-06-05 00:00:00
f5
f5
K15356 : OpenSSL vulnerability CVE-2014-0195
2014-08-13 00:00:00
SOL15356 - OpenSSL vulnerability CVE-2014-0195
2014-06-20 00:00:00
prion
prion
Buffer overflow
2014-06-05 21:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-0195
2014-06-05 00:00:00
ubuntucve
ubuntucve
CVE-2014-0195
2014-06-05 00:00:00
cve
cve
CVE-2014-0195
2014-06-05 21:55:00
metasploit
metasploit
OpenSSL DTLS Fragment Buffer Overflow DoS
2014-06-07 19:56:34
zdi
zdi
ibm
ibm
Security Bulletin: IBM MessageSight is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, and CVE-2014-0195)
2018-06-17 15:12:13
debian
debian
[SECURITY] [DSA 2950-2] openssl update
2014-06-16 18:21:12
openssl security update
2014-06-05 19:36:19
[SECURITY] [DSA 2950-1] openssl security update
2014-06-05 11:51:34
openvas
openvas
openSUSE: Security Advisory for openssl (openSUSE-SU-2014:0764-1)
2014-06-09 00:00:00
Ubuntu: Security Advisory (USN-2232-4)
2014-08-19 00:00:00
Ubuntu: Security Advisory (USN-2232-2)
2014-06-17 00:00:00
ubuntu
ubuntu
OpenSSL regression
2014-08-18 00:00:00
OpenSSL regression
2014-06-23 00:00:00
OpenSSL regression
2014-06-12 00:00:00
suse
suse
openssl: update to version 1.0.1h (critical)
2014-06-06 11:04:41
update to version 1.0.0m (critical)
2014-06-06 12:04:17
Security update for OpenSSL 1.0 (critical)
2014-06-06 09:04:15
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:14.openssl
2014-06-05 00:00:00
mageia
mageia
Updated openssl packages fix multiple vulnerabilties
2014-06-06 14:31:01
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-06-05 00:00:00
osv
osv
openssl - security update
2014-06-05 00:00:00
openssl - security update
2014-06-05 00:00:00
aix
aix
AIX OpenSSL Vulnerabilities (Multiple CVEs)
2014-06-11 06:39:27
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-06-06 00:00:00
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
2014-08-26 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-07-23 00:00:00
openssl security update
2014-06-05 00:00:00
openssl security update
2014-10-16 00:00:00
citrix
citrix
Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)
2014-06-06 04:00:00
slackware
slackware
[slackware-security] openssl
2014-06-06 05:27:11
redhat
redhat
(RHSA-2014:0625) Important: openssl security update
2014-06-05 00:00:00
(RHSA-2014:0628) Important: openssl security update
2014-06-05 00:00:00
(RHSA-2014:0679) Important: openssl security update
2014-06-10 00:00:00
centos
centos
openssl security update
2014-06-05 13:06:47
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-07-27 00:00:00
thn
thn
OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs
2014-06-05 05:49:00
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-06-10 00:00:00
huawei
huawei
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products
2014-06-13 00:00:00
intel
intel
amazon
amazon
Important: openssl
2014-06-04 15:45:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
2014-06-05 22:40:00
fortinet
fortinet
Multiple Vulnerabilities in OpenSSL
2014-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openssl-1.0.1e-38.fc20
2014-06-05 21:55:11
[SECURITY] Fedora 19 Update: openssl-1.0.1e-38.fc19
2014-06-05 21:54:15
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19
2014-08-09 07:34:58
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.969 High
EPSS
Percentile
99.7%
Related for DEBIANCVE:CVE-2014-0195