Lucene search
F5F5:K15343HistoryNov 09, 2015 - 12:00 a.m.
K15343 : OpenSSL vulnerability CVE-2014-0221
2015-11-0900:00:00
my.f5.com
3
7 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.969 High
EPSS
Percentile
99.7%
Security Advisory Description
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. (CVE-2014-0221)
Impact
An attacker may be able to exploit an OpenSSL Datagram Transport Layer Security (DTLS) client by sending an invalid DTLS handshake. As a result, the client may experience a denial-of-service (DoS) attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip analytics | eq | 11.0.0 |
Related
debiancve
debiancve
CVE-2014-0221
2014-06-05 21:55:00
cve
cve
CVE-2014-0221
2014-06-05 21:55:00
veracode
veracode
Denial Of Service (DoS) Through Recursion
2017-02-07 02:18:10
Denial Of Service (DoS) Through Recursion
2019-01-15 08:59:10
prion
prion
Design/Logic Flaw
2014-06-05 21:55:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1121)
2020-02-24 00:00:00
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2022-2717)
2022-11-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0759-1)
2021-06-09 00:00:00
f5
f5
SOL15343 - OpenSSL vulnerability CVE-2014-0221
2014-06-16 00:00:00
mariadbunix
mariadbunix
CVE-2014-0221
2014-06-05 21:55:06
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS Hello Message Denial of Service (CVE-2014-0221)
2014-06-08 00:00:00
nessus
nessus
Rockwell Automation Stratix DTLS Recursion Flaw (CVE-2014-0221)
2023-11-15 00:00:00
EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2020-1121)
2020-02-24 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (SOL15343)
2014-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-0221
2014-06-05 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-0221
2014-06-05 00:00:00
suse
suse
Security update for OpenSSL (critical)
2014-06-07 01:04:17
Security update for OpenSSL (critical)
2014-06-06 00:04:19
openssl: update to version 1.0.1h (critical)
2014-06-06 11:04:41
ibm
ibm
ubuntu
ubuntu
OpenSSL regression
2014-08-18 00:00:00
OpenSSL regression
2014-06-23 00:00:00
OpenSSL vulnerabilities
2014-06-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:14.openssl
2014-06-05 00:00:00
debian
debian
[SECURITY] [DSA 2950-2] openssl update
2014-06-16 18:21:12
openssl security update
2014-06-05 19:36:19
[SECURITY] [DSA 2950-1] openssl security update
2014-06-05 11:51:34
mageia
mageia
Updated openssl packages fix multiple vulnerabilties
2014-06-06 14:31:01
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-06-05 00:00:00
osv
osv
openssl - security update
2014-06-05 00:00:00
openssl - security update
2014-06-05 00:00:00
redhat
redhat
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2014:0625) Important: openssl security update
2014-06-05 00:00:00
(RHSA-2014:0628) Important: openssl security update
2014-06-05 00:00:00
aix
aix
AIX OpenSSL Vulnerabilities (Multiple CVEs)
2014-06-11 06:39:27
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-06-06 00:00:00
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
2014-08-26 00:00:00
centos
centos
openssl security update
2014-08-13 19:52:24
openssl security update
2014-06-05 13:06:47
citrix
citrix
Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)
2014-06-06 04:00:00
slackware
slackware
[slackware-security] openssl
2014-06-06 05:27:11
oraclelinux
oraclelinux
openssl security update
2014-06-05 00:00:00
openssl security update
2014-07-23 00:00:00
openssl security update
2014-08-13 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2014-07-27 00:00:00
thn
thn
OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs
2014-06-05 05:49:00
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-06-10 00:00:00
huawei
huawei
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products
2014-06-13 00:00:00
intel
intel
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
2014-06-05 22:40:00
amazon
amazon
Important: openssl
2014-06-04 15:45:00
fortinet
fortinet
Multiple Vulnerabilities in OpenSSL
2014-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openssl-1.0.1e-38.fc20
2014-06-05 21:55:11
[SECURITY] Fedora 19 Update: openssl-1.0.1e-38.fc19
2014-06-05 21:54:15
[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21
2015-01-02 05:06:53
7 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.969 High
EPSS
Percentile
99.7%
Related for F5:K15343