CVE-2014-0195

MEDIUM

Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://marc.info/?l=bugtraq&m=140266410314613&w=2

http://marc.info/?l=bugtraq&m=140317760000786&w=2

http://marc.info/?l=bugtraq&m=140389274407904&w=2

http://marc.info/?l=bugtraq&m=140389355508263&w=2

http://marc.info/?l=bugtraq&m=140431828824371&w=2

http://marc.info/?l=bugtraq&m=140448122410568&w=2

http://marc.info/?l=bugtraq&m=140482916501310&w=2

http://marc.info/?l=bugtraq&m=140491231331543&w=2

http://marc.info/?l=bugtraq&m=140499827729550&w=2

http://marc.info/?l=bugtraq&m=140621259019789&w=2

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://marc.info/?l=bugtraq&m=140904544427729&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/58337

http://secunia.com/advisories/58615

http://secunia.com/advisories/58660

http://secunia.com/advisories/58713

http://secunia.com/advisories/58714

http://secunia.com/advisories/58743

http://secunia.com/advisories/58883

http://secunia.com/advisories/58939

http://secunia.com/advisories/58945

http://secunia.com/advisories/58977

http://secunia.com/advisories/59040

http://secunia.com/advisories/59126

http://secunia.com/advisories/59162

http://secunia.com/advisories/59175

http://secunia.com/advisories/59188

http://secunia.com/advisories/59189

http://secunia.com/advisories/59192

http://secunia.com/advisories/59223

http://secunia.com/advisories/59287

http://secunia.com/advisories/59300

http://secunia.com/advisories/59301

http://secunia.com/advisories/59305

http://secunia.com/advisories/59306

http://secunia.com/advisories/59310

http://secunia.com/advisories/59342

http://secunia.com/advisories/59364

http://secunia.com/advisories/59365

http://secunia.com/advisories/59413

http://secunia.com/advisories/59429

http://secunia.com/advisories/59437

http://secunia.com/advisories/59441

http://secunia.com/advisories/59449

http://secunia.com/advisories/59450

http://secunia.com/advisories/59451

http://secunia.com/advisories/59454

http://secunia.com/advisories/59490

http://secunia.com/advisories/59491

http://secunia.com/advisories/59514

http://secunia.com/advisories/59518

http://secunia.com/advisories/59528

http://secunia.com/advisories/59530

http://secunia.com/advisories/59587

http://secunia.com/advisories/59655

http://secunia.com/advisories/59659

http://secunia.com/advisories/59666

http://secunia.com/advisories/59669

http://secunia.com/advisories/59721

http://secunia.com/advisories/59784

http://secunia.com/advisories/59895

http://secunia.com/advisories/59990

http://secunia.com/advisories/60571

http://secunia.com/advisories/61254

http://security.gentoo.org/glsa/glsa-201407-05.xml

http://support.apple.com/kb/HT6443

http://support.citrix.com/article/CTX140876

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

http://www.blackberry.com/btsc/KB36051

http://www.fortiguard.com/advisory/FG-IR-14-018/

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

http://www.ibm.com/support/docview.wss?uid=swg21676356

http://www.ibm.com/support/docview.wss?uid=swg21676793

http://www.ibm.com/support/docview.wss?uid=swg24037783

http://www.mandriva.com/security/advisories?name=MDVSA-2014:106

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.openssl.org/news/secadv_20140605.txt

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/67900

http://www.securitytracker.com/id/1030337

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

https://bugzilla.redhat.com/show_bug.cgi?id=1103598

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

https://kb.bluecoat.com/index?page=content&id=SA80

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

https://www.novell.com/support/kb/doc.php?id=7015271

Details

Source: MITRE

Published: 2014-06-05

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8y (inclusive)

Configuration 2

OR

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

Tenable Plugins

View all (78 total)

IDNameProductFamilySeverity
129359MariaDB 10.0.0 < 10.0.13 Multiple VulnerabilitiesNessusDatabases
medium
125000EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547)NessusHuawei Local Security Checks
critical
108515pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )NessusFirewalls
medium
89651openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)NessusSuSE Local Security Checks
critical
88991Cisco NX-OS OpenSSL Multiple VulnerabilitiesNessusCISCO
high
88988Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)NessusCISCO
medium
83716SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)NessusSuSE Local Security Checks
high
82315Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)NessusMandriva Local Security Checks
high
81649Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)NessusWeb Servers
high
80915Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)NessusWindows
medium
80720Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions)NessusSolaris Local Security Checks
high
80322Fedora 20 : mingw-openssl-1.0.1j-1.fc20 (2014-17587) (POODLE)NessusFedora Local Security Checks
high
80319Fedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE)NessusFedora Local Security Checks
high
79547OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)NessusOracleVM Local Security Checks
high
79026RHEL 6 : Storage Server (RHSA-2014:0628)NessusRed Hat Local Security Checks
high
78292Amazon Linux AMI : openssl (ALAS-2014-349)NessusAmazon Linux Local Security Checks
high
78180F5 Networks BIG-IP : OpenSSL vulnerability (K15356)NessusF5 Networks Local Security Checks
high
8394Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)Nessus Network MonitorWeb Clients
critical
77749Mac OS X Multiple Vulnerabilities (Security Update 2014-004)NessusMacOS X Local Security Checks
critical
77748Mac OS X 10.9.x < 10.9.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
77635EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)NessusWindows
high
77476Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL VulnerabilitiesNessusWeb Servers
medium
77475Apache Tomcat 7.0.x < 7.0.55 Multiple VulnerabilitiesNessusWeb Servers
medium
77245Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)NessusUbuntu Local Security Checks
high
77200OpenSSL 'ChangeCipherSpec' MiTM VulnerabilityNessusMisc.
medium
77152HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusSuSE Local Security Checks
high
77151HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusRed Hat Local Security Checks
high
77150HP Version Control Agent (VCA) < 7.3.3 Multiple SSL VulnerabilitiesNessusWindows
medium
77108Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)NessusFedora Local Security Checks
high
77107Fedora 19 : openssl-1.0.1e-39.fc19 (2014-9301)NessusFedora Local Security Checks
high
77020HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple VulnerabilitiesNessusWindows
medium
77004Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL VulnerabilitiesNessusFTP
medium
76994VMware vCenter Support Assistant Multiple Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
76966VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76965VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)NessusMacOS X Local Security Checks
medium
76947VMware vCenter Converter Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76945VMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76891RHEL 7 : openssl (RHSA-2014:0679)NessusRed Hat Local Security Checks
high
76864GLSA-201407-05 : OpenSSL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
76769HP Smart Update Manager 6.x < 6.4.1 Multiple VulnerabilitiesNessusCGI abuses
medium
76729Oracle Linux 7 : openssl (ELSA-2014-0679)NessusOracle Linux Local Security Checks
high
76580McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76579McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)NessusMisc.
medium
76511LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)NessusMacOS X Local Security Checks
medium
76510LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)NessusWindows
medium
76495VMware vCenter Server Appliance Multiple Vulnerabilities (VMSA-2014-0006)NessusMisc.
medium
76493Fortinet OpenSSL Multiple VulnerabilitiesNessusMisc.
medium
76492Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL VulnerabilitiesNessusMacOS X Local Security Checks
medium
76491Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL VulnerabilitiesNessusWindows
medium
76390HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)NessusWindows
medium
76356VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006)NessusWindows
medium
76345HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple VulnerabilitiesNessusWeb Servers
medium
76199Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3)NessusUbuntu Local Security Checks
high
76167WinSCP 5.x < 5.5.4 Multiple VulnerabilitiesNessusWindows
medium
76146McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76145McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)NessusMisc.
medium
76128Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSLNessusCISCO
medium
75383openSUSE Security Update : openssl (openSUSE-SU-2014:0764-1)NessusSuSE Local Security Checks
high
74512AIX OpenSSL Advisory : openssl_advisory9.docNessusAIX Local Security Checks
medium
74508Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2)NessusUbuntu Local Security Checks
high
74421stunnel < 5.02 OpenSSL Multiple VulnerabilitiesNessusWindows
medium
74415Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)NessusMandriva Local Security Checks
high
801619OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium
74364OpenSSL 1.0.1 < 1.0.1h Multiple VulnerabilitiesNessusWeb Servers
high
74363OpenSSL 0.9.8 < 0.9.8za Multiple VulnerabilitiesNessusWeb Servers
medium
74353Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1)NessusUbuntu Local Security Checks
high
74350Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140605)NessusScientific Linux Local Security Checks
high
74347RHEL 6 : openssl (RHSA-2014:0625)NessusRed Hat Local Security Checks
high
74344Oracle Linux 6 : openssl (ELSA-2014-0625)NessusOracle Linux Local Security Checks
high
74342FreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2)NessusFreeBSD Local Security Checks
high
74341Fedora 20 : openssl-1.0.1e-38.fc20 (2014-7102)NessusFedora Local Security Checks
high
74340Fedora 19 : openssl-1.0.1e-38.fc19 (2014-7101)NessusFedora Local Security Checks
high
74337Debian DSA-2950-1 : openssl - security updateNessusDebian Local Security Checks
high
74334CentOS 6 : openssl (CESA-2014:0625)NessusCentOS Local Security Checks
high
74331Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-156-03)NessusSlackware Local Security Checks
high
8253OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
74326OpenSSL 'ChangeCipherSpec' MiTM Potential VulnerabilityNessusMisc.
medium
73403OpenSSL 1.0.0 < 1.0.0m Multiple VulnerabilitiesNessusWeb Servers
high