CVE-2014-0221 — MEDIUM (4.3)

Q: How severe is CVE-2014-0221?

CVE-2014-0221 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0221?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Redhat Storage, Fedoraproject Fedora, Redhat Enterprise Linux, Mariadb Mariadb.

Vulnerability Description

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openssl	Openssl	>= 0.9.8, < 0.9.8za
Redhat	Storage	2.1
Fedoraproject	Fedora	All versions
Redhat	Enterprise Linux	5
Mariadb	Mariadb	>= 10.0.0, < 10.0.13
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Server	12
Suse	Linux Enterprise Software Development Kit	12
Suse	Linux Enterprise Workstation Extension	12

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascThird Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1053.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140266410314613&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140317760000786&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140389274407904&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140389355508263&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140431828824371&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140448122410568&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140482916501310&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=140491231331543&w=2Mailing ListThird Party Advisory

FAQ

What is CVE-2014-0221?

CVE-2014-0221 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client ...

How severe is CVE-2014-0221?

CVE-2014-0221 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0221?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Redhat Storage, Fedoraproject Fedora, Redhat Enterprise Linux, Mariadb Mariadb.