CVE-2014-0195


Severity : Medium
Published : 2014-06-05
Modified : 2015-04-14
Base Score : 6.8
Details : The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Product/Version : Carrier Grade CGE 6.0  
Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Carrier Grade CGE 7.0  
 
 
 

CVE Vulnerabilities List CVE-2014

CVE-2014-0015 CVE-2014-0076 CVE-2014-0092 CVE-2014-0138
CVE-2014-0191 CVE-2014-0195 CVE-2014-0198 CVE-2014-0203
CVE-2014-0221 CVE-2014-0224 CVE-2014-0475 CVE-2014-1444
CVE-2014-1445 CVE-2014-1446 CVE-2014-1737 CVE-2014-1738
CVE-2014-1874 CVE-2014-2532 CVE-2014-3466 CVE-2014-3467
CVE-2014-3468 CVE-2014-3469 CVE-2014-3470 CVE-2014-3505
CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 CVE-2014-3537
CVE-2014-3565 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-4043 CVE-2014-4699 CVE-2014-4877 CVE-2014-5119
CVE-2014-6040 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278
CVE-2014-7169 CVE-2014-7185 CVE-2014-7186 CVE-2014-7187
CVE-2014-7817 CVE-2014-8121 CVE-2014-8176 CVE-2014-8275
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9297
CVE-2014-9298 CVE-2014-9447 CVE-2014-9529