Description

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Remediation

References

CVE-2014-0221

Related Vulnerabilities

WordPress Plugin Job Board Vanila Cross-Site Scripting (1.0)

WordPress Plugin Downloads Manager 'upload.php' Arbitrary File Upload (0.2)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-4838)

WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)

MySQL Other Vulnerability (CVE-2010-3681)

Severity

Medium

Classification

CVE-2014-0221

Tags

Missing Update Known Vulnerabilities