CVE-2014-0195

EPSS 90.91%
Published 05.06.2014 21:55:06
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Affected products Warnungen 0 Metrics 2 CWE 1 References 129

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version >= 0.9.8 < 0.9.8za

OpenSSL ≫ OpenSSL Version >= 1.0.0 < 1.0.0m

OpenSSL ≫ OpenSSL Version >= 1.0.1 < 1.0.1h

Mariadb ≫ Mariadb Version >= 10.0.0 < 10.0.13

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.2

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	90.91%	0.996

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Third Party Advisory

http://marc.info/?l=bugtraq&m=142660345230545&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2014/Dec/23

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Third Party Advisory

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

Third Party Advisory

Mailing List

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Third Party Advisory

http://support.apple.com/kb/HT6443

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

Third Party Advisory

http://marc.info/?l=bugtraq&m=140266410314613&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140317760000786&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140389274407904&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140389355508263&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140448122410568&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140482916501310&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140621259019789&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140752315422991&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140904544427729&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/58939

Not Applicable

http://secunia.com/advisories/59040

Not Applicable

http://secunia.com/advisories/59162

Not Applicable

http://secunia.com/advisories/59175

Not Applicable

http://secunia.com/advisories/59300

Not Applicable

http://secunia.com/advisories/59364

Not Applicable

http://secunia.com/advisories/59413

Not Applicable

http://secunia.com/advisories/59450

Not Applicable

http://secunia.com/advisories/59454

Not Applicable

http://secunia.com/advisories/59490

Not Applicable

http://secunia.com/advisories/59514

Not Applicable

http://secunia.com/advisories/59655

Not Applicable

http://secunia.com/advisories/59721

Not Applicable

http://secunia.com/advisories/60571

Not Applicable

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

Third Party Advisory

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

Broken Link

http://www.openssl.org/news/secadv_20140605.txt

Vendor Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Broken Link

http://marc.info/?l=bugtraq&m=140431828824371&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/58337

Not Applicable

http://secunia.com/advisories/58713

Not Applicable

http://secunia.com/advisories/58977

Not Applicable

http://secunia.com/advisories/59287

Not Applicable

http://secunia.com/advisories/59301

Not Applicable

http://secunia.com/advisories/59342

Not Applicable

http://secunia.com/advisories/59437

Not Applicable

http://secunia.com/advisories/59666

Not Applicable

http://secunia.com/advisories/59669

Not Applicable

http://security.gentoo.org/glsa/glsa-201407-05.xml

Third Party Advisory

http://support.citrix.com/article/CTX140876

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

Third Party Advisory

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

Third Party Advisory

http://www.blackberry.com/btsc/KB36051

Third Party Advisory

http://www.fortiguard.com/advisory/FG-IR-14-018/

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676356

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg24037783

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Third Party Advisory

https://kb.bluecoat.com/index?page=content&id=SA80

Broken Link

https://www.novell.com/support/kb/doc.php?id=7015271

Third Party Advisory

http://secunia.com/advisories/58615

Not Applicable

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

Third Party Advisory

http://secunia.com/advisories/58714

Not Applicable

http://secunia.com/advisories/58945

Not Applicable

http://secunia.com/advisories/59126

Not Applicable

http://secunia.com/advisories/59306

Not Applicable

http://secunia.com/advisories/59310

Not Applicable

http://secunia.com/advisories/59449

Not Applicable

http://secunia.com/advisories/59491

Not Applicable

http://secunia.com/advisories/59784

Not Applicable

http://secunia.com/advisories/59990

Not Applicable

http://secunia.com/advisories/61254

Not Applicable

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

Third Party Advisory

http://secunia.com/advisories/59451

Not Applicable

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048

Broken Link

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002

Broken Link

http://marc.info/?l=bugtraq&m=140491231331543&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=140499827729550&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/58660

Not Applicable

http://secunia.com/advisories/58743

Not Applicable

http://secunia.com/advisories/58883

Not Applicable

http://secunia.com/advisories/59188

Not Applicable

http://secunia.com/advisories/59189

Not Applicable

http://secunia.com/advisories/59192

Not Applicable

http://secunia.com/advisories/59223

Not Applicable

http://secunia.com/advisories/59305

Not Applicable

http://secunia.com/advisories/59365

Not Applicable

http://secunia.com/advisories/59429

Not Applicable

http://secunia.com/advisories/59441

Not Applicable

http://secunia.com/advisories/59518

Not Applicable

http://secunia.com/advisories/59528

Not Applicable

http://secunia.com/advisories/59530

Not Applicable

http://secunia.com/advisories/59587

Not Applicable

http://secunia.com/advisories/59659

Not Applicable

http://secunia.com/advisories/59895

Not Applicable

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

Third Party Advisory

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

Third Party Advisory

http://www.ibm.com/support/docview.wss?uid=swg21676793

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2014:106

Broken Link

http://www.securityfocus.com/bid/67900

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1030337

Third Party Advisory

Broken Link

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1103598

Patch

Third Party Advisory

Issue Tracking

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3

https://nvd.nist.gov/vuln/detail/CVE-2014-0195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0195

EUVD