WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-8176)

Description

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)

WordPress Plugin Simple Dropbox Upload Arbitrary File Upload (1.8.8)

Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

MySQL CVE-2021-2308 Vulnerability (CVE-2021-2308)

Severity

High

Classification

CVE-2014-8176 CWE-119

Tags

Missing Update Known Vulnerabilities