CVE-2014-0221
published 2014-06-05
medium 4.3 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | openssl | < openssl 1.0.1h-1 (bookworm) | openssl 1.0.1h-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.13 | 10.0.13 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1h-1 | 1.0.1h-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.3 | 1.0.1f-1ubuntu2.3 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.4 | 1.0.1f-1ubuntu2.4 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.2 | 1.0.1f-1ubuntu2.2 |
| openssl | openssl | >= 0.9.8 < 0.9.8za | 0.9.8za |
| openssl | openssl | >= 1.0.0 < 1.0.0m | 1.0.0m |
| openssl | openssl | >= 1.0.1 < 1.0.1h | 1.0.1h |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | storage | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_server | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
CVSS provenance
nvd 4.3 MEDIUM AV:N/AC:M/Au:N/C:N/I:N/A:P
osv 6.8 MEDIUM