6.8

CVE-2014-0195

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version >= 0.9.8 < 0.9.8za
OpenSSLOpenSSL Version >= 1.0.0 < 1.0.0m
OpenSSLOpenSSL Version >= 1.0.1 < 1.0.1h
MariadbMariadb Version >= 10.0.0 < 10.0.13
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
FedoraprojectFedora Version19
FedoraprojectFedora Version20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.98% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Third Party Advisory
Mailing List
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
Third Party Advisory
http://marc.info/?l=bugtraq&m=140266410314613&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140317760000786&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140389274407904&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140389355508263&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140448122410568&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140482916501310&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140621259019789&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140752315422991&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140904544427729&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/58939
Not Applicable
http://secunia.com/advisories/59040
Not Applicable
http://secunia.com/advisories/59162
Not Applicable
http://secunia.com/advisories/59175
Not Applicable
http://secunia.com/advisories/59300
Not Applicable
http://secunia.com/advisories/59364
Not Applicable
http://secunia.com/advisories/59413
Not Applicable
http://secunia.com/advisories/59450
Not Applicable
http://secunia.com/advisories/59454
Not Applicable
http://secunia.com/advisories/59490
Not Applicable
http://secunia.com/advisories/59514
Not Applicable
http://secunia.com/advisories/59655
Not Applicable
http://secunia.com/advisories/59721
Not Applicable
http://secunia.com/advisories/60571
Not Applicable
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
Broken Link
http://www.openssl.org/news/secadv_20140605.txt
Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
Broken Link
http://marc.info/?l=bugtraq&m=140431828824371&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/58337
Not Applicable
http://secunia.com/advisories/58713
Not Applicable
http://secunia.com/advisories/58977
Not Applicable
http://secunia.com/advisories/59287
Not Applicable
http://secunia.com/advisories/59301
Not Applicable
http://secunia.com/advisories/59342
Not Applicable
http://secunia.com/advisories/59437
Not Applicable
http://secunia.com/advisories/59666
Not Applicable
http://secunia.com/advisories/59669
Not Applicable
http://security.gentoo.org/glsa/glsa-201407-05.xml
Third Party Advisory
http://support.citrix.com/article/CTX140876
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
Third Party Advisory
http://www.blackberry.com/btsc/KB36051
Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018/
Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356
Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg24037783
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80
Broken Link
https://www.novell.com/support/kb/doc.php?id=7015271
Third Party Advisory
http://secunia.com/advisories/58615
Not Applicable
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
Third Party Advisory
http://secunia.com/advisories/58714
Not Applicable
http://secunia.com/advisories/58945
Not Applicable
http://secunia.com/advisories/59126
Not Applicable
http://secunia.com/advisories/59306
Not Applicable
http://secunia.com/advisories/59310
Not Applicable
http://secunia.com/advisories/59449
Not Applicable
http://secunia.com/advisories/59491
Not Applicable
http://secunia.com/advisories/59784
Not Applicable
http://secunia.com/advisories/59990
Not Applicable
http://secunia.com/advisories/61254
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
Third Party Advisory
http://secunia.com/advisories/59451
Not Applicable
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048
Broken Link
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002
Broken Link
http://marc.info/?l=bugtraq&m=140491231331543&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=140499827729550&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/58660
Not Applicable
http://secunia.com/advisories/58743
Not Applicable
http://secunia.com/advisories/58883
Not Applicable
http://secunia.com/advisories/59188
Not Applicable
http://secunia.com/advisories/59189
Not Applicable
http://secunia.com/advisories/59192
Not Applicable
http://secunia.com/advisories/59223
Not Applicable
http://secunia.com/advisories/59305
Not Applicable
http://secunia.com/advisories/59365
Not Applicable
http://secunia.com/advisories/59429
Not Applicable
http://secunia.com/advisories/59441
Not Applicable
http://secunia.com/advisories/59518
Not Applicable
http://secunia.com/advisories/59528
Not Applicable
http://secunia.com/advisories/59530
Not Applicable
http://secunia.com/advisories/59587
Not Applicable
http://secunia.com/advisories/59659
Not Applicable
http://secunia.com/advisories/59895
Not Applicable
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675821
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676071
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676644
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678289
Third Party Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-6
Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676793
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
Broken Link
http://www.securityfocus.com/bid/67900
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030337
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1103598
Patch
Third Party Advisory
Issue Tracking
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3