The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
OR
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8y (inclusive)
OR
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
OR
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
OR
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129359 | MariaDB 10.0.0 < 10.0.13 Multiple Vulnerabilities | Nessus | Databases | medium |
125000 | EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547) | Nessus | Huawei Local Security Checks | critical |
108515 | pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 ) | Nessus | Firewalls | medium |
89651 | openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE) | Nessus | SuSE Local Security Checks | critical |
88991 | Cisco NX-OS OpenSSL Multiple Vulnerabilities | Nessus | CISCO | high |
88988 | Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590) | Nessus | CISCO | medium |
83716 | SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1) | Nessus | SuSE Local Security Checks | high |
82315 | Mandriva Linux Security Advisory : openssl (MDVSA-2015:062) | Nessus | Mandriva Local Security Checks | high |
81649 | Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | high |
80915 | Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU) | Nessus | Windows | medium |
80720 | Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions) | Nessus | Solaris Local Security Checks | high |
80322 | Fedora 20 : mingw-openssl-1.0.1j-1.fc20 (2014-17587) (POODLE) | Nessus | Fedora Local Security Checks | high |
80319 | Fedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE) | Nessus | Fedora Local Security Checks | high |
79547 | OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE) | Nessus | OracleVM Local Security Checks | high |
79026 | RHEL 6 : Storage Server (RHSA-2014:0628) | Nessus | Red Hat Local Security Checks | high |
78292 | Amazon Linux AMI : openssl (ALAS-2014-349) | Nessus | Amazon Linux Local Security Checks | high |
78180 | F5 Networks BIG-IP : OpenSSL vulnerability (K15356) | Nessus | F5 Networks Local Security Checks | high |
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
77749 | Mac OS X Multiple Vulnerabilities (Security Update 2014-004) | Nessus | MacOS X Local Security Checks | critical |
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
77635 | EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079) | Nessus | Windows | high |
77476 | Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities | Nessus | Web Servers | medium |
77475 | Apache Tomcat 7.0.x < 7.0.55 Multiple Vulnerabilities | Nessus | Web Servers | medium |
77245 | Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4) | Nessus | Ubuntu Local Security Checks | high |
77200 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Nessus | Misc. | medium |
77152 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | SuSE Local Security Checks | high |
77151 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | Red Hat Local Security Checks | high |
77150 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | Windows | medium |
77108 | Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed) | Nessus | Fedora Local Security Checks | high |
77107 | Fedora 19 : openssl-1.0.1e-39.fc19 (2014-9301) | Nessus | Fedora Local Security Checks | high |
77020 | HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities | Nessus | Windows | medium |
77004 | Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities | Nessus | FTP | medium |
76994 | VMware vCenter Support Assistant Multiple Vulnerabilities (VMSA-2014-0006) | Nessus | Misc. | medium |
76966 | VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006) | Nessus | Windows | medium |
76965 | VMware Horizon View Client < 3.0.0 Multiple SSL Vulnerabilities (VMSA-2014-0006) (Mac OS X) | Nessus | MacOS X Local Security Checks | medium |
76947 | VMware vCenter Converter Multiple Vulnerabilities (VMSA-2014-0006) | Nessus | Windows | medium |
76945 | VMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006) | Nessus | Windows | medium |
76891 | RHEL 7 : openssl (RHSA-2014:0679) | Nessus | Red Hat Local Security Checks | high |
76864 | GLSA-201407-05 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
76769 | HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities | Nessus | CGI abuses | medium |
76729 | Oracle Linux 7 : openssl (ELSA-2014-0679) | Nessus | Oracle Linux Local Security Checks | high |
76580 | McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76579 | McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76511 | LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed) | Nessus | MacOS X Local Security Checks | medium |
76510 | LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed) | Nessus | Windows | medium |
76495 | VMware vCenter Server Appliance Multiple Vulnerabilities (VMSA-2014-0006) | Nessus | Misc. | medium |
76493 | Fortinet OpenSSL Multiple Vulnerabilities | Nessus | Misc. | medium |
76492 | Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
76491 | Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities | Nessus | Windows | medium |
76390 | HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056) | Nessus | Windows | medium |
76356 | VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006) | Nessus | Windows | medium |
76345 | HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities | Nessus | Web Servers | medium |
76199 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3) | Nessus | Ubuntu Local Security Checks | high |
76167 | WinSCP 5.x < 5.5.4 Multiple Vulnerabilities | Nessus | Windows | medium |
76146 | McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76145 | McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76128 | Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL | Nessus | CISCO | medium |
75383 | openSUSE Security Update : openssl (openSUSE-SU-2014:0764-1) | Nessus | SuSE Local Security Checks | high |
74512 | AIX OpenSSL Advisory : openssl_advisory9.doc | Nessus | AIX Local Security Checks | medium |
74508 | Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2) | Nessus | Ubuntu Local Security Checks | high |
74421 | stunnel < 5.02 OpenSSL Multiple Vulnerabilities | Nessus | Windows | medium |
74415 | Mandriva Linux Security Advisory : openssl (MDVSA-2014:106) | Nessus | Mandriva Local Security Checks | high |
801619 | OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple Vulnerabilities | Log Correlation Engine | Web Servers | medium |
74364 | OpenSSL 1.0.1 < 1.0.1h Multiple Vulnerabilities | Nessus | Web Servers | high |
74363 | OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities | Nessus | Web Servers | medium |
74353 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1) | Nessus | Ubuntu Local Security Checks | high |
74350 | Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140605) | Nessus | Scientific Linux Local Security Checks | high |
74347 | RHEL 6 : openssl (RHSA-2014:0625) | Nessus | Red Hat Local Security Checks | high |
74344 | Oracle Linux 6 : openssl (ELSA-2014-0625) | Nessus | Oracle Linux Local Security Checks | high |
74342 | FreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2) | Nessus | FreeBSD Local Security Checks | high |
74341 | Fedora 20 : openssl-1.0.1e-38.fc20 (2014-7102) | Nessus | Fedora Local Security Checks | high |
74340 | Fedora 19 : openssl-1.0.1e-38.fc19 (2014-7101) | Nessus | Fedora Local Security Checks | high |
74337 | Debian DSA-2950-1 : openssl - security update | Nessus | Debian Local Security Checks | high |
74334 | CentOS 6 : openssl (CESA-2014:0625) | Nessus | CentOS Local Security Checks | high |
74331 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-156-03) | Nessus | Slackware Local Security Checks | high |
8253 | OpenSSL < 0.9.8za / < 1.0.0m / < 1.0.1h Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
74326 | OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability | Nessus | Misc. | medium |
73403 | OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities | Nessus | Web Servers | high |