// For flags

CVE-2014-0221

openssl: DoS when sending invalid DTLS handshake

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DTLS hello en una negociación DTLS inválida.

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-06-05 CVE Published
  • 2024-07-22 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (128)
URL Tag Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1053.html Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List
http://secunia.com/advisories/58337 Not Applicable
http://secunia.com/advisories/58615 Not Applicable
http://secunia.com/advisories/58713 Not Applicable
http://secunia.com/advisories/58714 Not Applicable
http://secunia.com/advisories/58939 Not Applicable
http://secunia.com/advisories/58945 Not Applicable
http://secunia.com/advisories/58977 Not Applicable
http://secunia.com/advisories/59027 Not Applicable
http://secunia.com/advisories/59120 Not Applicable
http://secunia.com/advisories/59126 Not Applicable
http://secunia.com/advisories/59162 Not Applicable
http://secunia.com/advisories/59167 Not Applicable
http://secunia.com/advisories/59175 Not Applicable
http://secunia.com/advisories/59189 Not Applicable
http://secunia.com/advisories/59192 Not Applicable
http://secunia.com/advisories/59221 Not Applicable
http://secunia.com/advisories/59284 Not Applicable
http://secunia.com/advisories/59287 Not Applicable
http://secunia.com/advisories/59300 Not Applicable
http://secunia.com/advisories/59301 Not Applicable
http://secunia.com/advisories/59306 Not Applicable
http://secunia.com/advisories/59310 Not Applicable
http://secunia.com/advisories/59342 Not Applicable
http://secunia.com/advisories/59364 Not Applicable
http://secunia.com/advisories/59365 Not Applicable
http://secunia.com/advisories/59413 Not Applicable
http://secunia.com/advisories/59429 Not Applicable
http://secunia.com/advisories/59437 Not Applicable
http://secunia.com/advisories/59441 Not Applicable
http://secunia.com/advisories/59449 Not Applicable
http://secunia.com/advisories/59450 Not Applicable
http://secunia.com/advisories/59451 Not Applicable
http://secunia.com/advisories/59454 Not Applicable
http://secunia.com/advisories/59460 Not Applicable
http://secunia.com/advisories/59490 Not Applicable
http://secunia.com/advisories/59491 Not Applicable
http://secunia.com/advisories/59495 Not Applicable
http://secunia.com/advisories/59514 Not Applicable
http://secunia.com/advisories/59518 Not Applicable
http://secunia.com/advisories/59528 Not Applicable
http://secunia.com/advisories/59655 Not Applicable
http://secunia.com/advisories/59659 Not Applicable
http://secunia.com/advisories/59666 Not Applicable
http://secunia.com/advisories/59669 Not Applicable
http://secunia.com/advisories/59721 Not Applicable
http://secunia.com/advisories/59784 Not Applicable
http://secunia.com/advisories/59895 Not Applicable
http://secunia.com/advisories/59990 Not Applicable
http://secunia.com/advisories/60571 Not Applicable
http://secunia.com/advisories/60687 Not Applicable
http://secunia.com/advisories/61254 Not Applicable
http://support.apple.com/kb/HT6443 Third Party Advisory
http://support.citrix.com/article/CTX140876 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21675821 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676035 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676062 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676071 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676419 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676879 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676889 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527 Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677695 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677828 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678289 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683332 Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756 Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757 Broken Link
http://www.blackberry.com/btsc/KB36051 Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018 Third Party Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676226 Broken Link
http://www.ibm.com/support/docview.wss?uid=swg21676356 Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676793 Broken Link
http://www.ibm.com/support/docview.wss?uid=swg24037783 Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015264 Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015300 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Mailing List
http://www.securityfocus.com/bid/67901 Third Party Advisory
http://www.securitytracker.com/id/1030337 Broken Link
http://www.vmware.com/security/advisories/VMSA-2014-0006.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E Broken Link
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E Broken Link
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80 Broken Link
https://kc.mcafee.com/corporate/index?page=content&id=SB10075 Broken Link
https://www.novell.com/support/kb/doc.php?id=7015271 Third Party Advisory
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html 2023-11-07
http://marc.info/?l=bugtraq&m=140266410314613&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140317760000786&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140389274407904&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140389355508263&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140431828824371&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140448122410568&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140482916501310&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140491231331543&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140499827729550&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140621259019789&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140752315422991&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=140904544427729&w=2 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1021.html 2023-11-07
http://security.gentoo.org/glsa/glsa-201407-05.xml 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 2023-11-07
http://www.openssl.org/news/secadv_20140605.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2014-0221 2014-08-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 0.9.8 < 0.9.8za
Search vendor "Openssl" for product "Openssl" and version " >= 0.9.8 < 0.9.8za"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.0.0 < 1.0.0m
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.0 < 1.0.0m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 1.0.1 < 1.0.1h
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.1 < 1.0.1h"
-
Affected
Redhat
Search vendor "Redhat"
Storage
Search vendor "Redhat" for product "Storage"
2.1
Search vendor "Redhat" for product "Storage" and version "2.1"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
*-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
5
Search vendor "Redhat" for product "Enterprise Linux" and version "5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Affected
Mariadb
Search vendor "Mariadb"
Mariadb
Search vendor "Mariadb" for product "Mariadb"
>= 10.0.0 < 10.0.13
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.13"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
19
Search vendor "Fedoraproject" for product "Fedora" and version "19"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
20
Search vendor "Fedoraproject" for product "Fedora" and version "20"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
42.1
Search vendor "Opensuse" for product "Leap" and version "42.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Workstation Extension
Search vendor "Suse" for product "Linux Enterprise Workstation Extension"
12
Search vendor "Suse" for product "Linux Enterprise Workstation Extension" and version "12"
-
Affected