Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-0221

Disclosure Date: June 05, 2014
CVE-2014-0221
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • fedoraproject,
  • mariadb,
  • openssl,
  • opensuse,
  • redhat,
  • suse

Products

  • enterprise linux 5,
  • enterprise linux 6.0,
  • fedora,
  • fedora 19,
  • fedora 20,
  • leap 42.1,
  • linux enterprise desktop 12,
  • linux enterprise server 12,
  • linux enterprise software development kit 12,
  • linux enterprise workstation extension 12,
  • mariadb,
  • openssl,
  • opensuse 13.2,
  • storage 2.1

References

Canonical
CVE-2014-0221 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221)
BID-67901 (http://www.securityfocus.com/bid/67901)
Advisory
SECUNIA-59342 (http://secunia.com/advisories/59342)
SECUNIA-59669 (http://secunia.com/advisories/59669)
http://www.novell.com/support/kb/doc.php?id=7015300
SECUNIA-59990 (http://secunia.com/advisories/59990)
SECTRACK-1030337 (http://www.securitytracker.com/id/1030337)
SECUNIA-59454 (http://secunia.com/advisories/59454)
SECUNIA-59126 (http://secunia.com/advisories/59126)
http://www.novell.com/support/kb/doc.php?id=7015264
SECUNIA-59306 (http://secunia.com/advisories/59306)
http://www-01.ibm.com/support/docview.wss?uid=swg21678289
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
HPSBUX03046 (http://marc.info?l=bugtraq&m=140266410314613&w=2)
SECUNIA-61254 (http://secunia.com/advisories/61254)
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
SECUNIA-59895 (http://secunia.com/advisories/59895)
SECUNIA-59449 (http://secunia.com/advisories/59449)
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
HPSBOV03047 (http://marc.info?l=bugtraq&m=140317760000786&w=2)
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
SECUNIA-59441 (http://secunia.com/advisories/59441)
HPSBMU03074 (http://marc.info?l=bugtraq&m=140621259019789&w=2)
SECUNIA-59189 (http://secunia.com/advisories/59189)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
SECUNIA-59300 (http://secunia.com/advisories/59300)
GLSA-201407-05 (http://security.gentoo.org/glsa/glsa-201407-05.xml)
SECUNIA-59284 (http://secunia.com/advisories/59284)
http://www.ibm.com/support/docview.wss?uid=swg24037783
SECUNIA-59365 (http://secunia.com/advisories/59365)
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://www.securityfocus.com/archive/1/534161/100/0/threaded)
SECUNIA-59495 (http://secunia.com/advisories/59495)
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
FEDORA-2014-9308 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html)
SECUNIA-58945 (http://secunia.com/advisories/58945)
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
SECUNIA-59659 (http://secunia.com/advisories/59659)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
SECUNIA-59429 (http://secunia.com/advisories/59429)
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
SECUNIA-59655 (http://secunia.com/advisories/59655)
http://www-01.ibm.com/support/docview.wss?uid=swg21676071
SECUNIA-59437 (http://secunia.com/advisories/59437)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
SECUNIA-59310 (http://secunia.com/advisories/59310)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://www.fortiguard.com/advisory/FG-IR-14-018
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
http://www.ibm.com/support/docview.wss?uid=swg21676793
http://www.ibm.com/support/docview.wss?uid=swg21676356
HPSBMU03057 (http://marc.info?l=bugtraq&m=140389274407904&w=2)
http://support.citrix.com/article/CTX140876
SECUNIA-59167 (http://secunia.com/advisories/59167)
SECUNIA-59120 (http://secunia.com/advisories/59120)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
HPSBMU03069 (http://marc.info?l=bugtraq&m=140499827729550&w=2)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:105
SECUNIA-59460 (http://secunia.com/advisories/59460)
http://rhn.redhat.com/errata/RHSA-2014-1021.html
SECUNIA-58939 (http://secunia.com/advisories/58939)
SECUNIA-59027 (http://secunia.com/advisories/59027)
SECUNIA-59514 (http://secunia.com/advisories/59514)
http://www.ibm.com/support/docview.wss?uid=swg21676226
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl)
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
SECUNIA-59221 (http://secunia.com/advisories/59221)
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
SECUNIA-58714 (http://secunia.com/advisories/58714)
HPSBGN03050 (http://marc.info?l=bugtraq&m=140482916501310&w=2)
http://www.openssl.org/news/secadv_20140605.txt
SECUNIA-58615 (http://secunia.com/advisories/58615)
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://seclists.org/fulldisclosure/2014/Dec/23)
http://support.apple.com/kb/HT6443
SECUNIA-59301 (http://secunia.com/advisories/59301)
SECUNIA-59784 (http://secunia.com/advisories/59784)
https://kb.bluecoat.com/index?page=content&id=SA80
HPSBMU03076 (http://marc.info?l=bugtraq&m=140904544427729&w=2)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
SECUNIA-59192 (http://secunia.com/advisories/59192)
FEDORA-2014-9301 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html)
HPSBMU03062 (http://marc.info?l=bugtraq&m=140752315422991&w=2)
HPSBMU03056 (http://marc.info?l=bugtraq&m=140389355508263&w=2)
SECUNIA-59175 (http://secunia.com/advisories/59175)
HPSBMU03051 (http://marc.info?l=bugtraq&m=140448122410568&w=2)
SECUNIA-59666 (http://secunia.com/advisories/59666)
HPSBMU03055 (http://marc.info?l=bugtraq&m=140431828824371&w=2)
SECUNIA-59413 (http://secunia.com/advisories/59413)
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www-01.ibm.com/support/docview.wss?uid=swg21675821
SECUNIA-59721 (http://secunia.com/advisories/59721)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
SECUNIA-58713 (http://secunia.com/advisories/58713)
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
SECUNIA-59450 (http://secunia.com/advisories/59450)
http://linux.oracle.com/errata/ELSA-2014-1053.html
SECUNIA-59287 (http://secunia.com/advisories/59287)
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
SECUNIA-59491 (http://secunia.com/advisories/59491)
SECUNIA-59364 (http://secunia.com/advisories/59364)
SECUNIA-59451 (http://secunia.com/advisories/59451)
SECUNIA-58977 (http://secunia.com/advisories/58977)
https://www.novell.com/support/kb/doc.php?id=7015271
SECUNIA-60571 (http://secunia.com/advisories/60571)
https://git.openssl.org/gitweb?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846
http://www.blackberry.com/btsc/KB36051
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
SECUNIA-60687 (http://secunia.com/advisories/60687)
https://bugzilla.redhat.com/show_bug.cgi?id=1103593
SECUNIA-59528 (http://secunia.com/advisories/59528)
SECUNIA-58337 (http://secunia.com/advisories/58337)
SECUNIA-59518 (http://secunia.com/advisories/59518)
SECUNIA-59162 (http://secunia.com/advisories/59162)
SECUNIA-59490 (http://secunia.com/advisories/59490)
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
HPSBMU03065 (http://marc.info?l=bugtraq&m=140491231331543&w=2)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis