OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple Vulnerabilities

OpenSSL before 0.9.8za, 1.0.0m, or 1.0.1h are unpatched for the following vulnerabilities:

• Potential arbitrary code execution due to a buffer overflow vulnerability when processing invalid DTLS fragments (CVE-2014-0195)

• Denial of service via a NULL pointer dereference error in ‘so_ssl3_write()’ function of ‘s3_pkt.c’ source file (CVE-2014-0198)

• Denial of service against an OpenSSL client due to a recursion flaw in the DTLS handshake. (CVE-2014-0221)

• A man-in-the-middle security bypass due to weak keying material in OpenSSL SSL/TLS clients and servers, which can be exploited via a specially crafted handshake (CVE-2014-0224)

• Denial of service that can be triggered in the case where anonymous ECDH cipher suites are enabled in TLS clients (CVE-2014-3470)

• An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)

• A flaw exists that is triggered as user-supplied input is not properly validated when a DTLS peer handles application data between the ChangeCipherSpec and Finished messages. This may allow a remote attacker to cause an invalid free, which will corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2014-8176)