CVE-2014-0195 in Apple Mac OS Xinfo

Summary

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Reservation

12/03/2013

Disclosure

06/05/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
67656	Apple Mac OS X Messages d1_both.c dtls1_reassemble_fragment memory corruption	119	High	Official fix	CVE-2014-0195
13454	OpenSSL DTLS Fragment d1_both.c memory corruption	119	High	Official fix	CVE-2014-0195

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!