CVE - CVE-2014-0195

CVE-ID
CVE-2014-0195	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:67900 URL:http://www.securityfocus.com/bid/67900 BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 CONFIRM:http://support.apple.com/kb/HT6443 CONFIRM:http://support.citrix.com/article/CTX140876 CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675821 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676071 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676644 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676879 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676889 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678289 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683332 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 CONFIRM:http://www.blackberry.com/btsc/KB36051 CONFIRM:http://www.f-secure.com/en/web/labs_global/fsc-2014-6 CONFIRM:http://www.fortiguard.com/advisory/FG-IR-14-018/ CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676356 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676793 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24037783 CONFIRM:http://www.openssl.org/news/secadv_20140605.txt CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0006.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1103598 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 CONFIRM:https://www.novell.com/support/kb/doc.php?id=7015271 FEDORA:FEDORA-2014-9301 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html FEDORA:FEDORA-2014-9308 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 GENTOO:GLSA-201407-05 URL:http://security.gentoo.org/glsa/glsa-201407-05.xml HP:HPSBGN03050 URL:http://marc.info/?l=bugtraq&m=140482916501310&w=2 HP:HPSBHF03293 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 HP:HPSBMU03051 URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2 HP:HPSBMU03055 URL:http://marc.info/?l=bugtraq&m=140431828824371&w=2 HP:HPSBMU03056 URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2 HP:HPSBMU03057 URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2 HP:HPSBMU03062 URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2 HP:HPSBMU03065 URL:http://marc.info/?l=bugtraq&m=140491231331543&w=2 HP:HPSBMU03069 URL:http://marc.info/?l=bugtraq&m=140499827729550&w=2 HP:HPSBMU03074 URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2 HP:HPSBMU03076 URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2 HP:HPSBOV03047 URL:http://marc.info/?l=bugtraq&m=140317760000786&w=2 HP:HPSBUX03046 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 HP:SSRT101590 URL:http://marc.info/?l=bugtraq&m=140266410314613&w=2 HP:SSRT101846 URL:http://marc.info/?l=bugtraq&m=142660345230545&w=2 MANDRIVA:MDVSA-2014:106 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2014:106~~ (Obsolete source) MANDRIVA:MDVSA-2015:062 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:062~~ (Obsolete source) MISC:http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048 MISC:http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002 SECTRACK:1030337 URL:http://www.securitytracker.com/id/1030337 SECUNIA:58337 URL:http://secunia.com/advisories/58337 SECUNIA:58615 URL:http://secunia.com/advisories/58615 SECUNIA:58660 URL:http://secunia.com/advisories/58660 SECUNIA:58713 URL:http://secunia.com/advisories/58713 SECUNIA:58714 URL:http://secunia.com/advisories/58714 SECUNIA:58743 URL:http://secunia.com/advisories/58743 SECUNIA:58883 URL:http://secunia.com/advisories/58883 SECUNIA:58939 URL:http://secunia.com/advisories/58939 SECUNIA:58945 URL:http://secunia.com/advisories/58945 SECUNIA:58977 URL:http://secunia.com/advisories/58977 SECUNIA:59040 URL:http://secunia.com/advisories/59040 SECUNIA:59126 URL:http://secunia.com/advisories/59126 SECUNIA:59162 URL:http://secunia.com/advisories/59162 SECUNIA:59175 URL:http://secunia.com/advisories/59175 SECUNIA:59188 URL:http://secunia.com/advisories/59188 SECUNIA:59189 URL:http://secunia.com/advisories/59189 SECUNIA:59192 URL:http://secunia.com/advisories/59192 SECUNIA:59223 URL:http://secunia.com/advisories/59223 SECUNIA:59287 URL:http://secunia.com/advisories/59287 SECUNIA:59300 URL:http://secunia.com/advisories/59300 SECUNIA:59301 URL:http://secunia.com/advisories/59301 SECUNIA:59305 URL:http://secunia.com/advisories/59305 SECUNIA:59306 URL:http://secunia.com/advisories/59306 SECUNIA:59310 URL:http://secunia.com/advisories/59310 SECUNIA:59342 URL:http://secunia.com/advisories/59342 SECUNIA:59364 URL:http://secunia.com/advisories/59364 SECUNIA:59365 URL:http://secunia.com/advisories/59365 SECUNIA:59413 URL:http://secunia.com/advisories/59413 SECUNIA:59429 URL:http://secunia.com/advisories/59429 SECUNIA:59437 URL:http://secunia.com/advisories/59437 SECUNIA:59441 URL:http://secunia.com/advisories/59441 SECUNIA:59449 URL:http://secunia.com/advisories/59449 SECUNIA:59450 URL:http://secunia.com/advisories/59450 SECUNIA:59451 URL:http://secunia.com/advisories/59451 SECUNIA:59454 URL:http://secunia.com/advisories/59454 SECUNIA:59490 URL:http://secunia.com/advisories/59490 SECUNIA:59491 URL:http://secunia.com/advisories/59491 SECUNIA:59514 URL:http://secunia.com/advisories/59514 SECUNIA:59518 URL:http://secunia.com/advisories/59518 SECUNIA:59528 URL:http://secunia.com/advisories/59528 SECUNIA:59530 URL:http://secunia.com/advisories/59530 SECUNIA:59587 URL:http://secunia.com/advisories/59587 SECUNIA:59655 URL:http://secunia.com/advisories/59655 SECUNIA:59659 URL:http://secunia.com/advisories/59659 SECUNIA:59666 URL:http://secunia.com/advisories/59666 SECUNIA:59669 URL:http://secunia.com/advisories/59669 SECUNIA:59721 URL:http://secunia.com/advisories/59721 SECUNIA:59784 URL:http://secunia.com/advisories/59784 SECUNIA:59895 URL:http://secunia.com/advisories/59895 SECUNIA:59990 URL:http://secunia.com/advisories/59990 SECUNIA:60571 URL:http://secunia.com/advisories/60571 SECUNIA:61254 URL:http://secunia.com/advisories/61254 SUSE:SUSE-SU-2015:0743 URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html SUSE:openSUSE-SU-2016:0640 URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20131203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)