The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. (CVE-2014-0195)

CPENameOperatorVersion
big-ip psmle11.3.0
big-ip apmle11.3.0
big-ip edge gatewayle11.3.0
big-ip webacceleratorle11.3.0
big-ip womle11.3.0
big-ip afmle11.3.0
big-ip asmle11.3.0
big-ip gtmle11.3.0
big-ip ltmle11.3.0
big-ip pemle11.3.0

Name	Operator	Version
big-ip psm	le	11.3.0
big-ip apm	le	11.3.0
big-ip edge gateway	le	11.3.0
big-ip webaccelerator	le	11.3.0
big-ip wom	le	11.3.0
big-ip afm	le	11.3.0
big-ip asm	le	11.3.0
big-ip gtm	le	11.3.0
big-ip ltm	le	11.3.0
big-ip pem	le	11.3.0

Rows per page:

1-10 of 121

References

support.f5.com/kb/en-us/solutions/public/11000/200/sol11246.html

support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html

support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html

veracode 1

mariadbunix 1

nessus 76

checkpoint_advisories 1

f5 1

prion 1

debiancve 1

openssl 1

ubuntucve 1

cve 1

metasploit 1

zdi 1

ibm 31

debian 4

openvas 37

mageia 1

ubuntu 4

suse 3

freebsd 1

freebsd_advisory 1

osv 2

securityvulns 2

aix 1

oraclelinux 3

gentoo 1

citrix 1

slackware 1

redhat 4

thn 1

vmware 1

centos 1

intel 1

cisco 1

amazon 1

huawei 1

fortinet 1

fedora 7

veracode

Denial Of Service (DoS) Through Buffer Overflow

2017-02-07 02:27:14

mariadbunix

CVE-2014-0195

2014-06-05 21:55:06

nessus

Rockwell Automation Stratix DTLS Invalid Fragment (CVE-2014-0195)

2023-11-15 00:00:00

F5 Networks BIG-IP : OpenSSL vulnerability (K15356)

2014-10-10 00:00:00

Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL

2014-06-18 00:00:00

checkpoint_advisories

OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)

2014-06-05 00:00:00

K15356 : OpenSSL vulnerability CVE-2014-0195

2014-08-13 00:00:00

prion

Buffer overflow

2014-06-05 21:55:00

debiancve

CVE-2014-0195

2014-06-05 21:55:00

openssl

Vulnerability in OpenSSL CVE-2014-0195

2014-06-05 00:00:00

ubuntucve

CVE-2014-0195

2014-06-05 00:00:00

cve

CVE-2014-0195

2014-06-05 21:55:00

metasploit

OpenSSL DTLS Fragment Buffer Overflow DoS

2014-06-07 19:56:34

zdi

OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability

2014-06-05 00:00:00

ibm

Security Bulletin: IBM MessageSight is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, and CVE-2014-0195)

2018-06-17 15:12:13

Security Bulletin: Tivoli Workload Scheduler is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470

2018-06-17 14:44:05

Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)

2018-06-17 14:42:46

debian

[SECURITY] [DSA 2950-2] openssl update

2014-06-16 18:21:12

[SECURITY] [DSA 2950-1] openssl security update

2014-06-05 11:51:34

openssl security update

2014-06-05 19:36:04

openvas

openSUSE: Security Advisory for openssl (openSUSE-SU-2014:0764-1)

2014-06-09 00:00:00

Ubuntu: Security Advisory (USN-2232-4)

2014-08-19 00:00:00

openSUSE: Security Advisory for update (openSUSE-SU-2014:0765-1)

2014-06-09 00:00:00

mageia

Updated openssl packages fix multiple vulnerabilties

2014-06-06 14:31:01

ubuntu

OpenSSL vulnerabilities

2014-06-05 00:00:00

OpenSSL regression

2014-06-12 00:00:00

OpenSSL regression

2014-08-18 00:00:00

suse

openssl: update to version 1.0.1h (critical)

2014-06-06 11:04:41

update to version 1.0.0m (critical)

2014-06-06 12:04:17

Security update for OpenSSL 1.0 (critical)

2014-06-06 09:04:15

freebsd

OpenSSL -- multiple vulnerabilities

2014-06-05 00:00:00

freebsd_advisory

FreeBSD-SA-14:14.openssl

2014-06-05 00:00:00

osv

openssl - security update

2014-06-05 00:00:00

openssl - security update

2014-06-05 00:00:00

securityvulns

OpenSSL multiple security vulnerabilities

2014-06-06 00:00:00

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

2014-08-26 00:00:00

aix

AIX OpenSSL Vulnerabilities (Multiple CVEs)

2014-06-11 06:39:27

oraclelinux

openssl security update

2014-07-23 00:00:00

openssl security update

2014-06-05 00:00:00

openssl security update

2014-10-16 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2014-07-27 00:00:00

citrix

Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)

2014-06-06 04:00:00

slackware

[slackware-security] openssl

2014-06-06 05:27:11

redhat

(RHSA-2014:0625) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0628) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0679) Important: openssl security update

2014-06-10 00:00:00

thn

OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs

2014-06-05 05:49:00

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-06-10 00:00:00

centos

openssl security update

2014-06-05 13:06:47

intel

Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x

2014-08-26 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

2014-06-05 22:40:00

amazon

Important: openssl

2014-06-04 15:45:00

huawei

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

2014-06-13 00:00:00

fortinet

Multiple Vulnerabilities in OpenSSL

2014-06-06 00:00:00

fedora

[SECURITY] Fedora 20 Update: openssl-1.0.1e-38.fc20

2014-06-05 21:55:11

[SECURITY] Fedora 19 Update: openssl-1.0.1e-38.fc19

2014-06-05 21:54:15

[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19

2014-08-09 07:34:58

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.5%

JSON

Related for SOL15356