Lucene search

PRIOn knowledge basePRION:CVE-2014-0221

HistoryJun 05, 2014 - 9:55 p.m.

Design/Logic Flaw

2014-06-0521:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.6%

JSON

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CPENameOperatorVersion
fedoraeq20
fedoraeq19
mariadbge10.0.0
mariadblt10.0.13
opensslge1.0.0
openssllt1.0.0
opensslge1.0.1
openssllt1.0.1
opensslge0.9.8
openssllt0.9.8

Name	Operator	Version
fedora	eq	20
fedora	eq	19
mariadb	ge	10.0.0
mariadb	lt	10.0.13
openssl	ge	1.0.0
openssl	lt	1.0.0
openssl	ge	1.0.1
openssl	lt	1.0.1
openssl	ge	0.9.8
openssl	lt	0.9.8

Rows per page:

1-10 of 191

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

linux.oracle.com/errata/ELSA-2014-1053.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

rhn.redhat.com/errata/RHSA-2014-1021.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/58337

secunia.com/advisories/58615

secunia.com/advisories/58713

secunia.com/advisories/58714

secunia.com/advisories/58939

secunia.com/advisories/58945

secunia.com/advisories/58977

secunia.com/advisories/59027

secunia.com/advisories/59120

secunia.com/advisories/59126

secunia.com/advisories/59162

secunia.com/advisories/59167

secunia.com/advisories/59175

secunia.com/advisories/59189

secunia.com/advisories/59192

secunia.com/advisories/59221

secunia.com/advisories/59284

secunia.com/advisories/59287

secunia.com/advisories/59300

secunia.com/advisories/59301

secunia.com/advisories/59306

secunia.com/advisories/59310

secunia.com/advisories/59342

secunia.com/advisories/59364

secunia.com/advisories/59365

secunia.com/advisories/59413

secunia.com/advisories/59429

secunia.com/advisories/59437

secunia.com/advisories/59441

secunia.com/advisories/59449

secunia.com/advisories/59450

secunia.com/advisories/59451

secunia.com/advisories/59454

secunia.com/advisories/59460

secunia.com/advisories/59490

secunia.com/advisories/59491

secunia.com/advisories/59495

secunia.com/advisories/59514

secunia.com/advisories/59518

secunia.com/advisories/59528

secunia.com/advisories/59655

secunia.com/advisories/59659

secunia.com/advisories/59666

secunia.com/advisories/59669

secunia.com/advisories/59721

secunia.com/advisories/59784

secunia.com/advisories/59895

secunia.com/advisories/59990

secunia.com/advisories/60571

secunia.com/advisories/60687

secunia.com/advisories/61254

security.gentoo.org/glsa/glsa-201407-05.xml

support.apple.com/kb/HT6443

support.citrix.com/article/CTX140876

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=nas8N1020163

www-01.ibm.com/support/docview.wss?uid=swg21673137

www-01.ibm.com/support/docview.wss?uid=swg21675821

www-01.ibm.com/support/docview.wss?uid=swg21676035

www-01.ibm.com/support/docview.wss?uid=swg21676062

www-01.ibm.com/support/docview.wss?uid=swg21676071

www-01.ibm.com/support/docview.wss?uid=swg21676419

www-01.ibm.com/support/docview.wss?uid=swg21676879

www-01.ibm.com/support/docview.wss?uid=swg21676889

www-01.ibm.com/support/docview.wss?uid=swg21677527

www-01.ibm.com/support/docview.wss?uid=swg21677695

www-01.ibm.com/support/docview.wss?uid=swg21677828

www-01.ibm.com/support/docview.wss?uid=swg21678167

www-01.ibm.com/support/docview.wss?uid=swg21678289

www-01.ibm.com/support/docview.wss?uid=swg21683332

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

www.blackberry.com/btsc/KB36051

www.fortiguard.com/advisory/FG-IR-14-018/

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

www.ibm.com/support/docview.wss?uid=swg21676226

www.ibm.com/support/docview.wss?uid=swg21676356

www.ibm.com/support/docview.wss?uid=swg21676793

www.ibm.com/support/docview.wss?uid=swg24037783

www.mandriva.com/security/advisories?name=MDVSA-2014:105

www.mandriva.com/security/advisories?name=MDVSA-2014:106

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.novell.com/support/kb/doc.php?id=7015264

www.novell.com/support/kb/doc.php?id=7015300

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/67901

www.securitytracker.com/id/1030337

www.vmware.com/security/advisories/VMSA-2014-0006.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

bugzilla.redhat.com/show_bug.cgi?id=1103593

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

kb.bluecoat.com/index?page=content&id=SA80

kc.mcafee.com/corporate/index?page=content&id=SB10075

lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

marc.info/?l=bugtraq&m=140266410314613&w=2

marc.info/?l=bugtraq&m=140317760000786&w=2

marc.info/?l=bugtraq&m=140389274407904&w=2

marc.info/?l=bugtraq&m=140389355508263&w=2

marc.info/?l=bugtraq&m=140431828824371&w=2

marc.info/?l=bugtraq&m=140448122410568&w=2

marc.info/?l=bugtraq&m=140482916501310&w=2

marc.info/?l=bugtraq&m=140491231331543&w=2

marc.info/?l=bugtraq&m=140499827729550&w=2

marc.info/?l=bugtraq&m=140621259019789&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=140904544427729&w=2

www.novell.com/support/kb/doc.php?id=7015271

www.openssl.org/news/secadv_20140605.txt

7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.6%

JSON

Design/Logic Flaw

References

Related