CVE-2014-0195 — MEDIUM (6.8)

Q: How severe is CVE-2014-0195?

CVE-2014-0195 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0195?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Mariadb Mariadb, Opensuse Leap, Opensuse Opensuse, Fedoraproject Fedora.

Vulnerability Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openssl	Openssl	>= 0.9.8, < 0.9.8za
Mariadb	Mariadb	>= 10.0.0, < 10.0.13
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Fedoraproject	Fedora	19

Related Weaknesses (CWE)

CWE-120

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascThird Party Advisory
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSBroken Link
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140266410314613&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140317760000786&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140389274407904&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140389355508263&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140431828824371&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140448122410568&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140482916501310&w=2Issue TrackingMailing ListThird Party Advisory

FAQ

What is CVE-2014-0195?

CVE-2014-0195 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, wh...

How severe is CVE-2014-0195?

CVE-2014-0195 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0195?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Mariadb Mariadb, Opensuse Leap, Opensuse Opensuse, Fedoraproject Fedora.