Description

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Remediation

References

CVE-2014-0221

Related Vulnerabilities

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-21518)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15081)

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

Oracle Database Server CVE-2006-5344 Vulnerability (CVE-2006-5344)

Severity

Medium

Classification

CVE-2014-0221

Tags

Missing Update Known Vulnerabilities