Lucene search

PRIOn knowledge basePRION:CVE-2014-0195

HistoryJun 05, 2014 - 9:55 p.m.

Buffer overflow

2014-06-0521:55:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

CPENameOperatorVersion
fedoraeq20
fedoraeq19
mariadbge10.0.0
mariadblt10.0.13
opensslge1.0.0
openssllt1.0.0
opensslge1.0.1
openssllt1.0.1
opensslge0.9.8
openssllt0.9.8

Name	Operator	Version
fedora	eq	20
fedora	eq	19
mariadb	ge	10.0.0
mariadb	lt	10.0.13
openssl	ge	1.0.0
openssl	lt	1.0.0
openssl	ge	1.0.1
openssl	lt	1.0.1
openssl	ge	0.9.8
openssl	lt	0.9.8

Rows per page:

1-10 of 121

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048

h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002

kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/58337

secunia.com/advisories/58615

secunia.com/advisories/58660

secunia.com/advisories/58713

secunia.com/advisories/58714

secunia.com/advisories/58743

secunia.com/advisories/58883

secunia.com/advisories/58939

secunia.com/advisories/58945

secunia.com/advisories/58977

secunia.com/advisories/59040

secunia.com/advisories/59126

secunia.com/advisories/59162

secunia.com/advisories/59175

secunia.com/advisories/59188

secunia.com/advisories/59189

secunia.com/advisories/59192

secunia.com/advisories/59223

secunia.com/advisories/59287

secunia.com/advisories/59300

secunia.com/advisories/59301

secunia.com/advisories/59305

secunia.com/advisories/59306

secunia.com/advisories/59310

secunia.com/advisories/59342

secunia.com/advisories/59364

secunia.com/advisories/59365

secunia.com/advisories/59413

secunia.com/advisories/59429

secunia.com/advisories/59437

secunia.com/advisories/59441

secunia.com/advisories/59449

secunia.com/advisories/59450

secunia.com/advisories/59451

secunia.com/advisories/59454

secunia.com/advisories/59490

secunia.com/advisories/59491

secunia.com/advisories/59514

secunia.com/advisories/59518

secunia.com/advisories/59528

secunia.com/advisories/59530

secunia.com/advisories/59587

secunia.com/advisories/59655

secunia.com/advisories/59659

secunia.com/advisories/59666

secunia.com/advisories/59669

secunia.com/advisories/59721

secunia.com/advisories/59784

secunia.com/advisories/59895

secunia.com/advisories/59990

secunia.com/advisories/60571

secunia.com/advisories/61254

security.gentoo.org/glsa/glsa-201407-05.xml

support.apple.com/kb/HT6443

support.citrix.com/article/CTX140876

support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=nas8N1020163

www-01.ibm.com/support/docview.wss?uid=swg21673137

www-01.ibm.com/support/docview.wss?uid=swg21675821

www-01.ibm.com/support/docview.wss?uid=swg21676035

www-01.ibm.com/support/docview.wss?uid=swg21676062

www-01.ibm.com/support/docview.wss?uid=swg21676071

www-01.ibm.com/support/docview.wss?uid=swg21676419

www-01.ibm.com/support/docview.wss?uid=swg21676644

www-01.ibm.com/support/docview.wss?uid=swg21676879

www-01.ibm.com/support/docview.wss?uid=swg21676889

www-01.ibm.com/support/docview.wss?uid=swg21677527

www-01.ibm.com/support/docview.wss?uid=swg21677695

www-01.ibm.com/support/docview.wss?uid=swg21677828

www-01.ibm.com/support/docview.wss?uid=swg21678167

www-01.ibm.com/support/docview.wss?uid=swg21678289

www-01.ibm.com/support/docview.wss?uid=swg21683332

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

www.blackberry.com/btsc/KB36051

www.f-secure.com/en/web/labs_global/fsc-2014-6

www.fortiguard.com/advisory/FG-IR-14-018/

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

www.ibm.com/support/docview.wss?uid=swg21676356

www.ibm.com/support/docview.wss?uid=swg21676793

www.ibm.com/support/docview.wss?uid=swg24037783

www.mandriva.com/security/advisories?name=MDVSA-2014:106

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/67900

www.securitytracker.com/id/1030337

www.vmware.com/security/advisories/VMSA-2014-0006.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.redhat.com/show_bug.cgi?id=1103598

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

kb.bluecoat.com/index?page=content&id=SA80

kc.mcafee.com/corporate/index?page=content&id=SB10075

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

marc.info/?l=bugtraq&m=140266410314613&w=2

marc.info/?l=bugtraq&m=140317760000786&w=2

marc.info/?l=bugtraq&m=140389274407904&w=2

marc.info/?l=bugtraq&m=140389355508263&w=2

marc.info/?l=bugtraq&m=140431828824371&w=2

marc.info/?l=bugtraq&m=140448122410568&w=2

marc.info/?l=bugtraq&m=140482916501310&w=2

marc.info/?l=bugtraq&m=140491231331543&w=2

marc.info/?l=bugtraq&m=140499827729550&w=2

marc.info/?l=bugtraq&m=140621259019789&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=140904544427729&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

www.novell.com/support/kb/doc.php?id=7015271

www.openssl.org/news/secadv_20140605.txt

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Buffer overflow

References

Related