CVE-2014-0195
published 2014-06-05CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment…
PriorityP263medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
99.98%
100.0th percentile
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1h-1 (bookworm) | openssl 1.0.1h-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.13 | 10.0.13 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.3 | 1.0.1f-1ubuntu2.3 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.4 | 1.0.1f-1ubuntu2.4 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.2 | 1.0.1f-1ubuntu2.2 |
| openssl | openssl | >= 0.9.8 < 0.9.8za | 0.9.8za |
| openssl | openssl | >= 1.0.0 < 1.0.0m | 1.0.0m |
| openssl | openssl | >= 1.0.1 < 1.0.1h | 1.0.1h |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| paloalto | cortex_xdr | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect DTLS ClientHello messages with multiple fragments where later fragment lengths are larger than the first fragment — this is the specific malformed condition triggering the buffer overflow. ↗
- →Monitor for exploitation of dtls1_reassemble_fragment via long non-initial DTLS fragments — the vulnerable function is dtls1_reassemble_fragment in d1_both.c. ↗
- →Focus detection on DTLS (UDP-based TLS) traffic; the vulnerability is specific to DTLS and does not affect standard TLS over TCP. ↗
- ·Red Hat Enterprise Linux 5 openssl, openssl097a, and several JBoss/EAP/EWS packages are NOT affected — avoid false-positive alerting on these platforms. ↗
- ·Red Hat Enterprise Linux 6 openssl098e and guest-images are NOT affected. ↗
- ·On Ubuntu, the vulnerability only affects 12.04 LTS, 13.10, and 14.04 LTS — scope detection accordingly. ↗
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_cisco10.0CRITICAL
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Rockwell Automation Stratix 5900
cisa_ics·2017-05-10
Rockwell Automation Stratix 5900
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation Stratix 5900
Last RevisedMay 10, 2017
Alert CodeICSA-17-094-04
## CVSS v3 10.0
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Stratix 5900
Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal.
## REPOSTED INFORMATION
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.
## AFFECTED PRODUCTS
Rockwell Automation reports that these vulnerabilities affect the following Strat
Ubuntu
OpenSSL regression
vendor_ubuntu·2014-08-18·CVSS 6.8
[MEDIUM] OpenSSL regression
Title: OpenSSL regression
Summary: USN-2232-1 introduced a regression in OpenSSL.
USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for
Ubuntu 10.04 LTS caused a regression for certain applications. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service.
Ubuntu
OpenSSL regression
vendor_ubuntu·2014-06-23·CVSS 6.8
CVE-2014-0224 [MEDIUM] OpenSSL regression
Title: OpenSSL regression
Summary: USN-2232-1 introduced a regression in OpenSSL.
USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for
CVE-2014-0224 caused a regression for certain applications that use
renegotiation, such as PostgreSQL. This update fixes the problem.
Original advisory details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2
Ubuntu
OpenSSL regression
vendor_ubuntu·2014-06-12·CVSS 6.8
CVE-2014-0224 [MEDIUM] OpenSSL regression
Title: OpenSSL regression
Summary: USN-2232-1 introduced a regression in OpenSSL.
USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for
CVE-2014-0224 caused a regression for certain applications that use
tls_session_secret_cb, such as wpa_supplicant. This update fixes the
problem.
Original advisory details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of ser
Red Hat
openssl: Buffer overflow via DTLS invalid fragment
vendor_redhat·2014-06-05·CVSS 6.8
CVE-2014-0195 [MEDIUM] CWE-119 openssl: Buffer overflow via DTLS invalid fragment
openssl: Buffer overflow via DTLS invalid fragment
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Statement: This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: guest-images (Red Hat Enterprise Linux 6) - Not af
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2014-06-05·CVSS 6.8
CVE-2014-0195 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2014-0221)
KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could use this flaw to perform a
machine-in-the-middle attack and possibly decrypt and modify traffic.
(CVE-2014-02
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
vendor_cisco·2014-06-05·CVSS 10.0
CVE-2010-5298 [CRITICAL] Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:
SSL/TLS Man-in-the-Middle Vulnerability
DTLS Recursion Flaw Vulnerability
DTLS Invalid Fragment Vulnerability
SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability
SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability
Anonymous ECDH Denial of Service Vulnerab
BSD
FreeBSD-SA-14:14.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2014-06-05·CVSS 6.8
CVE-2014-0195 [MEDIUM] FreeBSD-SA-14:14.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-14:14.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2014-06-05
Affects: All supported versions of FreeBSD.
Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)
2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)
2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)
2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)
2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)
2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)
CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above,
Debian
CVE-2014-0195: openssl - The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1...
vendor_debian·2014·CVSS 6.8
CVE-2014-0195 [MEDIUM] CVE-2014-0195: openssl - The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1...
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Scope: local
bookworm: resolved (fixed in 1.0.1h-1)
bullseye: resolved (fixed in 1.0.1h-1)
forky: resolved (fixed in 1.0.1h-1)
sid: resolved (fixed in 1.0.1h-1)
trixie: resolved (fixed in 1.0.1h-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
vendor_cisco
CVE-2014-0195 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
CVE-2014-0195: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows: SSL/TLS Man-in-the-Middle Vulnerability DTLS Recursion Flaw Vulnerability DTLS Invalid Fragment Vulnerability SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability Anonymous ECDH Denial of Ser
GHSA
GHSA-r4qw-hxm9-9pf9: The dtls1_reassemble_fragment function in d1_both
ghsa_unreviewed·2022-05-14
CVE-2014-0195 [MEDIUM] CWE-119 GHSA-r4qw-hxm9-9pf9: The dtls1_reassemble_fragment function in d1_both
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
OSV
openssl regression
osv·2014-06-23·CVSS 6.8
CVE-2014-0224 [MEDIUM] openssl regression
openssl regression
USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for
CVE-2014-0224 caused a regression for certain applications that use
renegotiation, such as PostgreSQL. This update fixes the problem.
Original advisory details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2014-0221)
KIKUCHI Masashi discovered that OpenSSL incorrectly h
OSV
openssl regression
osv·2014-06-12·CVSS 6.8
CVE-2014-0224 [MEDIUM] openssl regression
openssl regression
USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for
CVE-2014-0224 caused a regression for certain applications that use
tls_session_secret_cb, such as wpa_supplicant. This update fixes the
problem.
Original advisory details:
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2014-0221)
KIKUCHI Masashi discovered that OpenSSL i
OSV
openssl vulnerabilities
osv·2014-06-05·CVSS 6.8
CVE-2014-0195 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS
fragments. A remote attacker could use this issue to cause OpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A
remote attacker could use this issue to cause OpenSSL to crash, resulting
in a denial of service. (CVE-2014-0221)
KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain
handshakes. A remote attacker could use this flaw to perform a
machine-in-the-middle attack and possibly decrypt and modify traffic.
(CVE-2014-0224)
Felix Gröbert and Ivan Fratrić discovered that OpenSSL inco
OSV
CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both
osv·2014-06-05·CVSS 6.8
CVE-2014-0195 [MEDIUM] CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Suricata
ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195
suricata·2014-06-13·CVSS 6.8
CVE-2014-0195 [MEDIUM] ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195
ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195"; content:"|16 fe ff 00 00 00 00 00 00 00|"; depth:10; content:"|01|"; distance:3; within:1; byte_test:3,>,0,0,relative; byte_test:3,>,0,8,relative; byte_extract:3,0,frag_len,relative; byte_jump:3,5,relative; content:"|01|"; within:1; byte_test:3,!=,frag_len,0,relative; reference:url,h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002; classtype:attempted-user; sid:2018560; rev:3; metadata:created_at 2014_06_13, cve CVE_2014_0195, confidence Medium, signature_severity Major, updated_at 2020_08_19, reviewed_at 2
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]
bugzilla·2014-08-07·CVSS 4.0
CVE-2014-0221 [MEDIUM] CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [epel-7]
The unfixed package from Fedora was added to EPEL-7.
+++ This bug was initially created as a clone of Bug #1096234 +++
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relev
Bugzilla
CVE-2014-3470 CVE-2014-0221 CVE-2014-0224 CVE-2014-0195 mingw32-openssl: various flaws [epel-5]
bugzilla·2014-08-07·CVSS 6.8
CVE-2014-3470 [MEDIUM] CVE-2014-3470 CVE-2014-0221 CVE-2014-0224 CVE-2014-0195 mingw32-openssl: various flaws [epel-5]
CVE-2014-3470 CVE-2014-0221 CVE-2014-0224 CVE-2014-0195 mingw32-openssl: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-5 tracking bug for mingw32-o
Bugzilla
CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
bugzilla·2014-06-02·CVSS 6.8
CVE-2014-0195 [MEDIUM] CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
As per the upstream advisory:
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Acknowledgements:
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter of this issue.
Discussion:
Created attachment 901375
Upstream patch
---
This issue was introduced upstream in version 0.9.
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 openssl: various flaws [fedora-all]
bugzilla·2014-05-09·CVSS 4.0
CVE-2014-0221 [MEDIUM] CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 openssl: various flaws [fedora-all]
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when avai
Bugzilla
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]
bugzilla·2014-05-09·CVSS 4.0
CVE-2014-0221 [MEDIUM] CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]
CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field whe
arXiv
Symbolic Execution in Practice: A Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis
arxiv_fulltext·2025-08-08
Symbolic Execution in Practice: A Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis
## Introduction
Program testing is an essential aspect of software development. Testing not only helps to verify a program's capabilities, it also uncovers potential vulnerabilities that adversaries could exploit, and offers an opportunity to verify the correctness of an implementation. Traditionally, program verification relied on rigorous formal methods to prove the correctness of a program; while testing, it could be said, used a more practical, but less exhaustive approach where inputs were carefully chosen and run against the program. The outputs were manually inspected and compared against expected outcomes . Although formal methods provide strong guarantees about program behavior, its often impractical against large scale software. Simpler testing strategies, while fast, may fail t
Tenable
OpenSSL ChangeCipherSpec Dashboard
blogs_tenable·2014-06-06
OpenSSL ChangeCipherSpec Dashboard
by Steve Tilson June 6, 2014
The OpenSSL ChangeCipherSpec vulnerability is a Man-in-the-Middle attack that can allow an attacker modify the traffic between two hosts during a phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic. This dashboard identifies systems vulnerable to the OpenSSL ChangeCipherSpec vulnerability.
Man-in-the-Middle (MitM) vulnerabilities allow an attacker to insert themselves into a communication channel. While each of the endpoints assume they are communicating directly with each other, all the traffic is in fact flowing through the attacker. This type of h
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.aschttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=140266410314613&w=2http://marc.info/?l=bugtraq&m=140317760000786&w=2http://marc.info/?l=bugtraq&m=140389274407904&w=2http://marc.info/?l=bugtraq&m=140389355508263&w=2http://marc.info/?l=bugtraq&m=140431828824371&w=2http://marc.info/?l=bugtraq&m=140448122410568&w=2http://marc.info/?l=bugtraq&m=140482916501310&w=2http://marc.info/?l=bugtraq&m=140491231331543&w=2http://marc.info/?l=bugtraq&m=140499827729550&w=2http://marc.info/?l=bugtraq&m=140621259019789&w=2http://marc.info/?l=bugtraq&m=140752315422991&w=2http://marc.info/?l=bugtraq&m=140904544427729&w=2http://marc.info/?l=bugtraq&m=142660345230545&w=2http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/58337http://secunia.com/advisories/58615http://secunia.com/advisories/58660http://secunia.com/advisories/58713http://secunia.com/advisories/58714http://secunia.com/advisories/58743http://secunia.com/advisories/58883http://secunia.com/advisories/58939http://secunia.com/advisories/58945http://secunia.com/advisories/58977http://secunia.com/advisories/59040http://secunia.com/advisories/59126http://secunia.com/advisories/59162http://secunia.com/advisories/59175http://secunia.com/advisories/59188http://secunia.com/advisories/59189http://secunia.com/advisories/59192http://secunia.com/advisories/59223http://secunia.com/advisories/59287http://secunia.com/advisories/59300http://secunia.com/advisories/59301http://secunia.com/advisories/59305http://secunia.com/advisories/59306http://secunia.com/advisories/59310http://secunia.com/advisories/59342http://secunia.com/advisories/59364http://secunia.com/advisories/59365http://secunia.com/advisories/59413http://secunia.com/advisories/59429http://secunia.com/advisories/59437http://secunia.com/advisories/59441http://secunia.com/advisories/59449http://secunia.com/advisories/59450http://secunia.com/advisories/59451http://secunia.com/advisories/59454http://secunia.com/advisories/59490http://secunia.com/advisories/59491http://secunia.com/advisories/59514http://secunia.com/advisories/59518http://secunia.com/advisories/59528http://secunia.com/advisories/59530http://secunia.com/advisories/59587http://secunia.com/advisories/59655http://secunia.com/advisories/59659http://secunia.com/advisories/59666http://secunia.com/advisories/59669http://secunia.com/advisories/59721http://secunia.com/advisories/59784http://secunia.com/advisories/59895http://secunia.com/advisories/59990http://secunia.com/advisories/60571http://secunia.com/advisories/61254http://security.gentoo.org/glsa/glsa-201407-05.xmlhttp://support.apple.com/kb/HT6443http://support.citrix.com/article/CTX140876http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslhttp://www-01.ibm.com/support/docview.wss?uid=isg400001841http://www-01.ibm.com/support/docview.wss?uid=isg400001843http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163http://www-01.ibm.com/support/docview.wss?uid=swg21673137http://www-01.ibm.com/support/docview.wss?uid=swg21675821http://www-01.ibm.com/support/docview.wss?uid=swg21676035http://www-01.ibm.com/support/docview.wss?uid=swg21676062http://www-01.ibm.com/support/docview.wss?uid=swg21676071http://www-01.ibm.com/support/docview.wss?uid=swg21676419http://www-01.ibm.com/support/docview.wss?uid=swg21676644http://www-01.ibm.com/support/docview.wss?uid=swg21676879http://www-01.ibm.com/support/docview.wss?uid=swg21676889http://www-01.ibm.com/support/docview.wss?uid=swg21677527http://www-01.ibm.com/support/docview.wss?uid=swg21677695http://www-01.ibm.com/support/docview.wss?uid=swg21677828http://www-01.ibm.com/support/docview.wss?uid=swg21678167http://www-01.ibm.com/support/docview.wss?uid=swg21678289http://www-01.ibm.com/support/docview.wss?uid=swg21683332http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
+ 152 more references
2014-06-05
Published