Vulnerability Name: CVE-2014-0221

Assigned: 2013-12-03
Published: 2014-06-05
Updated: 2017-11-14
Summary: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-399
CWE-400
References:
Source: CONFIRM
Type: UNKNOWN
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1053.html

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-9301

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-9308

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0743

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0640

Source: HP
Type: UNKNOWN
SSRT101590

Source: HP
Type: UNKNOWN
HPSBOV03047

Source: HP
Type: UNKNOWN
HPSBMU03057

Source: HP
Type: UNKNOWN
HPSBMU03056

Source: HP
Type: UNKNOWN
HPSBMU03055

Source: HP
Type: UNKNOWN
HPSBMU03051

Source: HP
Type: UNKNOWN
HPSBGN03050

Source: HP
Type: UNKNOWN
HPSBMU03065

Source: HP
Type: UNKNOWN
HPSBMU03069

Source: HP
Type: UNKNOWN
HPSBMU03074

Source: HP
Type: UNKNOWN
HPSBMU03062

Source: HP
Type: UNKNOWN
HPSBMU03076

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1021

Source: FULLDISC
Type: UNKNOWN
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Source: SECUNIA
Type: UNKNOWN
58337

Source: SECUNIA
Type: UNKNOWN
58615

Source: SECUNIA
Type: UNKNOWN
58713

Source: SECUNIA
Type: UNKNOWN
58714

Source: SECUNIA
Type: UNKNOWN
58945

Source: SECUNIA
Type: UNKNOWN
58977

Source: SECUNIA
Type: UNKNOWN
59027

Source: SECUNIA
Type: UNKNOWN
59167

Source: SECUNIA
Type: UNKNOWN
59175

Source: SECUNIA
Type: UNKNOWN
59189

Source: SECUNIA
Type: UNKNOWN
59192

Source: SECUNIA
Type: UNKNOWN
59284

Source: SECUNIA
Type: UNKNOWN
59287

Source: SECUNIA
Type: UNKNOWN
59306

Source: SECUNIA
Type: UNKNOWN
59310

Source: SECUNIA
Type: UNKNOWN
59364

Source: SECUNIA
Type: UNKNOWN
59365

Source: SECUNIA
Type: UNKNOWN
59429

Source: SECUNIA
Type: UNKNOWN
59437

Source: SECUNIA
Type: UNKNOWN
59441

Source: SECUNIA
Type: UNKNOWN
59449

Source: SECUNIA
Type: UNKNOWN
59454

Source: SECUNIA
Type: UNKNOWN
59460

Source: SECUNIA
Type: UNKNOWN
59518

Source: SECUNIA
Type: UNKNOWN
61254

Source: GENTOO
Type: UNKNOWN
GLSA-201407-05

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT6443

Source: CONFIRM
Type: UNKNOWN
http://support.citrix.com/article/CTX140876

Source: CISCO
Type: UNKNOWN
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21673137

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21675821

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676035

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676062

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676071

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676419

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676879

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676889

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21677527

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21677695

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21677828

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21678167

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21678289

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21683332

Source: CONFIRM
Type: UNKNOWN
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

Source: CONFIRM
Type: UNKNOWN
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

Source: CONFIRM
Type: UNKNOWN
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

Source: CONFIRM
Type: UNKNOWN
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

Source: CONFIRM
Type: UNKNOWN
http://www.blackberry.com/btsc/KB36051

Source: CONFIRM
Type: UNKNOWN
http://www.fortiguard.com/advisory/FG-IR-14-018/

Source: CONFIRM
Type: UNKNOWN
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21676226

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21676356

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21676793

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg24037783

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2014:105

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2014:106

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:062

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/kb/doc.php?id=7015264

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/kb/doc.php?id=7015300

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.openssl.org/news/secadv_20140605.txt

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: BUGTRAQ
Type: UNKNOWN
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

Source: BID
Type: UNKNOWN
67901

Source: SECTRACK
Type: UNKNOWN
1030337

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1103593

Source: XF
Type: UNKNOWN
openssl-cve20140221-dos(93587)

Source: CONFIRM
Type: UNKNOWN
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

Source: CONFIRM
Type: UNKNOWN
https://kb.bluecoat.com/index?page=content&id=SA80

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Source: CONFIRM
Type: UNKNOWN
https://www.novell.com/support/kb/doc.php?id=7015271

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:redhat:storage:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20140221 | V | CVE-2014-0221 | 2017-11-19
oval:org.mitre.oval:def:28333 | P | SUSE-SU-2015:0743-1 -- Security update for mariadb (important) | 2015-08-17
oval:org.mitre.oval:def:29338 | P | DSA-2950-2 -- openssl -- security update | 2015-08-17
oval:org.mitre.oval:def:24994 | V | Remote Denial of Service (DoS) | 2015-04-20
oval:org.mitre.oval:def:27123 | P | ELSA-2014-0679 -- openssl security update (important) | 2015-02-23
oval:org.mitre.oval:def:26954 | P | ELSA-2014-1053 -- openssl security update (moderate) | 2014-12-15
oval:org.mitre.oval:def:25803 | P | USN-2232-4 -- openssl vulnerabilities | 2014-10-27
oval:org.mitre.oval:def:26315 | P | RHSA-2014:1053: openssl security update (Moderate) | 2014-10-13
oval:org.mitre.oval:def:25318 | P | SUSE-SU-2014:0759-2 -- Security update for OpenSSL | 2014-09-08
oval:org.mitre.oval:def:24677 | P | SUSE-SU-2014:0761-1 -- Security update for OpenSSL | 2014-09-08
oval:org.mitre.oval:def:25014 | P | RHSA-2014:0679: openssl security update (Important) | 2014-09-08
oval:org.mitre.oval:def:25291 | P | SUSE-SU-2014:0759-1 -- Security update for OpenSSL | 2014-09-08
oval:org.mitre.oval:def:25171 | P | ELSA-2014:0625: openssl security update (Important) | 2014-09-01
oval:org.mitre.oval:def:24603 | V | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service (recursion and client crash) | 2014-08-18
oval:com.redhat.rhsa:def:20141053 | P | RHSA-2014:1053: openssl security update (Moderate) | 2014-08-13
oval:org.mitre.oval:def:25082 | P | USN-2232-2 -- openssl regression | 2014-08-11
oval:org.mitre.oval:def:24628 | P | USN-2232-3 -- openssl regression | 2014-08-11
oval:org.mitre.oval:def:24977 | V | AIX OpenSSL DTLS recursion flaw | 2014-08-11
oval:org.mitre.oval:def:24448 | P | USN-2232-1 -- openssl vulnerabilities | 2014-07-21
oval:org.mitre.oval:def:24711 | P | DSA-2950-1 openssl - security update | 2014-07-21
oval:org.mitre.oval:def:24892 | P | RHSA-2014:0625: openssl security update (Important) | 2014-07-21
oval:com.redhat.rhsa:def:20140679 | P | RHSA-2014:0679: openssl security update (Important) | 2014-06-10
oval:com.redhat.rhsa:def:20140625 | P | RHSA-2014:0625: openssl security update (Important) | 2014-06-05
oval:com.ubuntu.precise:def:20140221000 | V | CVE-2014-0221 on Ubuntu 12.04 LTS (precise) - medium. | 2014-06-05
oval:com.ubuntu.trusty:def:20140221000 | V | CVE-2014-0221 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-06-05