Описание
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Affected | ||
| Red Hat Enterprise Linux 7 | openssl098e | Affected | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl | Fixed | RHSA-2014:1053 | 13.08.2014 |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2014:1052 | 13.08.2014 |
| Red Hat Enterprise Linux 7 | openssl | Fixed | RHSA-2014:1052 | 13.08.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, ...
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
5 Medium
CVSS2