5149 matches found
OpenSSL DTLS Hello Message Denial of Service (CVE-2014-0221)
A Denial of Service vulnerability has been reported in older versions of OpenSSL. The vulnerability is due to a DTLS recursion flaw. A remote attacker can exploit this vulnerability by sending an invalid DTLS handshake to an OpenSSL DTLS client...
update to version 1.0.0m (critical)
The openssl library was updated to version 1.0.0m fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. -...
OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple Vulnerabilities
CVE-2014-0221
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake...
UBUNTU-CVE-2014-0221
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake...
Vulnerability in OpenSSL - DTLS recursion flaw
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse, eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. Found by Imre Rad (Search-Lab Ltd.)...
OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple Vulnerabilities
CVE-2013-1864
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested enti...
Design/Logic Flaw
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested enti...
CVE-2013-1864
The CVE-2013-1864 issue affects PTLib (Portable Tool Library) before 2.10.10 as used in Ekiga before 4.0.1. The vulnerability arises from improper detection of recursion during entity expansion, enabling a remote attacker to cause a denial of service via crafted PXML documents with a very large n...
Design/Logic Flaw
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references...
CVE-2014-3243
The CVE-2014-3243 issue affects SOAPpy 0.12.5, where recursion during entity expansion is not properly detected, allowing remote attackers to trigger a denial of service via crafted SOAP requests with deeply nested entity references. This is a network‑based vulnerability with memory and CPU impac...
RedHat Update for kernel RHSA-2014:0433-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CentOS Update for kernel CESA-2014:0433 centos5
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2014:0433 centos5 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Mandriva Linux Security Advisory : file (MDVSA-2014:051)
Updated file package fixes security vulnerability: It was discovered that file before 5.17 contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). Additionally,...
Fedora 20 : php-5.5.10-1.fc20 (2014-3534)
Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core: - Fixed Request 66574i (Allow multiple paths in php_ini_scanned_path). (Remi) Date: - Fixed bug 45528 (Allow the DateTimeZone constructor to accept timezones per offset too). (Derick) Fileinfo: - Fixed bug 66731 (file: infinite recursion...
Debian DSA-2868-1 : php5 - denial of service
It was discovered that file, a file type classification tool, contains a flaw in the handling of 'indirect' magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID...
Debian Security Advisory DSA 2868-1 (php5 - denial of service)
It was discovered that file, a file type classification tool, contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID...