The dtls1_get_message_fragment function in d1_both.c in OpenSSL before
0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote
attackers to cause a denial of service (recursion and client crash) via a
DTLS hello message in an invalid DTLS handshake.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenssl< 0.9.8k-7ubuntu8.18UNKNOWN
ubuntu12.04noarchopenssl< 1.0.1-4ubuntu5.14UNKNOWN
ubuntu13.10noarchopenssl< 1.0.1e-3ubuntu1.4UNKNOWN
ubuntu14.04noarchopenssl< 1.0.1f-1ubuntu2.2UNKNOWN
ubuntu12.04noarchopenssl098< 0.9.8o-7ubuntu3.2UNKNOWN
ubuntu13.10noarchopenssl098< 0.9.8o-7ubuntu3.2.13.10.1UNKNOWN
ubuntu14.04noarchopenssl098< 0.9.8o-7ubuntu3.2.14.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	openssl	< 0.9.8k-7ubuntu8.18	UNKNOWN
ubuntu	12.04	noarch	openssl	< 1.0.1-4ubuntu5.14	UNKNOWN
ubuntu	13.10	noarch	openssl	< 1.0.1e-3ubuntu1.4	UNKNOWN
ubuntu	14.04	noarch	openssl	< 1.0.1f-1ubuntu2.2	UNKNOWN
ubuntu	12.04	noarch	openssl098	< 0.9.8o-7ubuntu3.2	UNKNOWN
ubuntu	13.10	noarch	openssl098	< 0.9.8o-7ubuntu3.2.13.10.1	UNKNOWN
ubuntu	14.04	noarch	openssl098	< 0.9.8o-7ubuntu3.2.14.04.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2014-0221

nvd.nist.gov/vuln/detail/CVE-2014-0221

security-tracker.debian.org/tracker/CVE-2014-0221

ubuntu.com/security/notices/USN-2232-1

www.cve.org/CVERecord?id=CVE-2014-0221

www.openssl.org/news/secadv_20140605.txt

cve 1

f5 2

debiancve 1

veracode 2

mariadbunix 1

prion 1

openvas 39

nessus 76

openssl 1

checkpoint_advisories 1

suse 6

ibm 28

ubuntu 4

freebsd_advisory 1

debian 4

freebsd 1

mageia 1

osv 2

redhat 5

aix 1

centos 2

securityvulns 2

citrix 1

oraclelinux 4

slackware 1

thn 1

vmware 1

gentoo 1

huawei 1

fortinet 1

intel 1

cisco 1

amazon 1

fedora 3

cve

CVE-2014-0221

2014-06-05 21:55:00

K15343 : OpenSSL vulnerability CVE-2014-0221

2015-11-09 00:00:00

SOL15343 - OpenSSL vulnerability CVE-2014-0221

2014-06-16 00:00:00

debiancve

CVE-2014-0221

2014-06-05 21:55:00

veracode

Denial Of Service (DoS) Through Recursion

2019-01-15 08:59:10

Denial Of Service (DoS) Through Recursion

2017-02-07 02:18:10

mariadbunix

CVE-2014-0221

2014-06-05 21:55:06

prion

Design/Logic Flaw

2014-06-05 21:55:00

openvas

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1121)

2020-02-24 00:00:00

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2022-2717)

2022-11-07 00:00:00

SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0759-1)

2015-10-13 00:00:00

nessus

EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2020-1121)

2020-02-24 00:00:00

F5 Networks BIG-IP : OpenSSL vulnerability (SOL15343)

2014-10-10 00:00:00

Rockwell Automation Stratix DTLS Recursion Flaw (CVE-2014-0221)

2023-11-15 00:00:00

openssl

Vulnerability in OpenSSL CVE-2014-0221

2014-06-05 00:00:00

checkpoint_advisories

OpenSSL DTLS Hello Message Denial of Service (CVE-2014-0221)

2014-06-08 00:00:00

suse

Security update for OpenSSL (critical)

2014-06-07 01:04:17

Security update for OpenSSL (critical)

2014-06-06 00:04:19

Security update for OpenSSL (critical)

2014-06-06 01:05:59

ibm

Security Bulletin: IBM Tivoli Network Manager IP Edition V39 Fix Pack 4 HTTPS support for Perl Collector install is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)

2018-06-17 14:42:56

Security Bulletin: Tivoli Workload Scheduler is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470

2018-06-17 14:44:05

Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470)

2018-06-17 14:42:46

ubuntu

OpenSSL regression

2014-06-23 00:00:00

OpenSSL regression

2014-08-18 00:00:00

OpenSSL regression

2014-06-12 00:00:00

freebsd_advisory

FreeBSD-SA-14:14.openssl

2014-06-05 00:00:00

debian

[SECURITY] [DSA 2950-2] openssl update

2014-06-16 18:21:12

openssl security update

2014-06-05 19:36:19

openssl security update

2014-06-05 19:36:04

freebsd

OpenSSL -- multiple vulnerabilities

2014-06-05 00:00:00

mageia

Updated openssl packages fix multiple vulnerabilties

2014-06-06 14:31:01

osv

openssl - security update

2014-06-05 00:00:00

openssl - security update

2014-06-05 00:00:00

redhat

(RHSA-2014:1053) Moderate: openssl security update

2014-08-13 00:00:00

(RHSA-2014:0628) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0679) Important: openssl security update

2014-06-10 00:00:00

aix

AIX OpenSSL Vulnerabilities (Multiple CVEs)

2014-06-11 06:39:27

centos

openssl security update

2014-08-13 19:52:24

openssl security update

2014-06-05 13:06:47

securityvulns

OpenSSL multiple security vulnerabilities

2014-06-06 00:00:00

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

2014-08-26 00:00:00

citrix

Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)

2014-06-06 04:00:00

oraclelinux

openssl security update

2014-06-05 00:00:00

openssl security update

2014-07-23 00:00:00

openssl security update

2014-08-13 00:00:00

slackware

[slackware-security] openssl

2014-06-06 05:27:11

thn

OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs

2014-06-05 05:49:00

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-06-10 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2014-07-27 00:00:00

huawei

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

2014-06-13 00:00:00

fortinet

Multiple Vulnerabilities in OpenSSL

2014-06-06 00:00:00

intel

Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x

2014-08-26 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

2014-06-05 22:40:00

amazon

Important: openssl

2014-06-04 15:45:00

fedora

[SECURITY] Fedora 20 Update: openssl-1.0.1e-38.fc20

2014-06-05 21:55:11

[SECURITY] Fedora 19 Update: openssl-1.0.1e-38.fc19

2014-06-05 21:54:15

[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21

2015-01-02 05:06:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.966 High

EPSS

Percentile

99.6%

JSON

Related for UB:CVE-2014-0221