Description

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Remediation

References

CVE-2014-0221

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43721)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5265)

WordPress Plugin Controlled Admin Access Security Bypass (1.5.5)

Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928)

WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)

Severity

Medium

Classification

CVE-2014-0221

Tags

Missing Update Known Vulnerabilities