CVE-2014-0195

Scores

EPSS

0.909high90.9%

0%20%40%60%80%100%

Percentile: 90.9%

CVSS

5.8medium2.0

0246810

CVSS Score: 5.8/10

All CVSS Scores

CVSS 2.0

5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-119CWE-120

Related Vulnerabilities

BDU:2015-00144 BDU:2015-00145 BDU:2015-00643 BDU:2015-05844 BDU:2015-05845 BDU:2015-05846 BDU:2015-05847 BDU:2015-05848 BDU:2015-05849 BDU:2015-05850 BDU:2015-05851 BDU:2015-05852 BDU:2015-05853 BDU:2015-05854 BDU:2015-05855 BDU:2015-09698

Exploits

Exploit ID: CVE-2014-0195

Source: github-poc

URL: https://github.com/PezwariNaan/CVE-2014-0195

Vulnerable Software (12)

Type: Configuration

Product: openssl

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "1.0.1f-1ubuntu2.2"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: rhel 6

Trait:

{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 7

Trait:

{  "fixed": "1.0.1e-34.el7_0.3"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel

Trait:

{  "fixed": "1.0.1e-16.el6_5.14"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: debian

Trait:

{  "fixed": "1.0.1h-1"}

Source: debian

Type: Configuration

Product: openssl

Operating System: debian squeeze 6

Trait:

{  "fixed": "0.9.8o-4squeeze15"}

Source: debian

Type: Configuration

Product: openssl098

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "0.9.8o-7ubuntu3.2.14.04.1"}

Source: ubuntu

Type: Configuration

Vendor: fedoraproject

Product: fedora

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: mariadb

Product: mariadb

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",      "versionEndExcluding": "10.0.13",      "versionStartIncluding": "10.0.0",      "vulnerable": true    }...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",      "versionEndExcluding": "10.0.13",      "versionStartIncluding": "10.0.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: openssl

Product: openssl

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndExcluding": "0.9.8za",      "versionStartIncluding": "0.9.8",      "vulnerable": true    },...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndExcluding": "0.9.8za",      "versionStartIncluding": "0.9.8",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndExcluding": "1.0.0m",      "versionStartIncluding": "1.0.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",      "versionEndExcluding": "1.0.1h",      "versionStartIncluding": "1.0.1",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: opensuse

Product: leap

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",     ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: opensuse

Product: opensuse

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",     ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2014-0195

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (12)