Unrated severityNVD Advisory· Published Jun 5, 2014· Updated May 6, 2026

CVE-2014-0195

Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Affected products

MariaDB/MariaDB
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Range: >=10.0.0,<10.0.13
OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: >=0.9.8,<0.9.8za
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
osv-coords6 versions
pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 1.1.1l-1.2+ 5 more
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 10.0.16-15.1
- (no CPE)range: < 10.0.16-15.1
- (no CPE)range: < 10.0.16-15.1
- (no CPE)range: < 10.0.16-15.1
- (no CPE)range: < 10.0.16-15.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

126

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
aix.software.ibm.com/aix/efixes/security/openssl_advisory9.ascnvdThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlnvdMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
marc.infonvdIssue TrackingMailing ListThird Party Advisory
seclists.org/fulldisclosure/2014/Dec/23nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/glsa-201407-05.xmlnvdThird Party Advisory
support.apple.com/kb/HT6443nvdThird Party Advisory
support.citrix.com/article/CTX140876nvdThird Party Advisory
support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.htmlnvdThird Party Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-opensslnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-01.ibm.com/support/docview.wssnvdThird Party Advisory
www-947.ibm.com/support/entry/portal/docdisplaynvdThird Party Advisory
www-947.ibm.com/support/entry/portal/docdisplaynvdThird Party Advisory
www-947.ibm.com/support/entry/portal/docdisplaynvdThird Party Advisory
www-947.ibm.com/support/entry/portal/docdisplaynvdThird Party Advisory
www.blackberry.com/btsc/KB36051nvdThird Party Advisory
www.f-secure.com/en/web/labs_global/fsc-2014-6nvdThird Party Advisory
www.fortiguard.com/advisory/FG-IR-14-018/nvdThird Party Advisory
www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htmnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.openssl.org/news/secadv_20140605.txtnvdVendor Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlnvdThird Party Advisory
www.securityfocus.com/archive/1/534161/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/67900nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1030337nvdBroken LinkThird Party AdvisoryVDB Entry
www.vmware.com/security/advisories/VMSA-2014-0006.htmlnvdThird Party Advisory
www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
www.novell.com/support/kb/doc.phpnvdThird Party Advisory
h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048nvdBroken Link
h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002nvdBroken Link
secunia.com/advisories/58337nvdNot Applicable
secunia.com/advisories/58615nvdNot Applicable
secunia.com/advisories/58660nvdNot Applicable
secunia.com/advisories/58713nvdNot Applicable
secunia.com/advisories/58714nvdNot Applicable
secunia.com/advisories/58743nvdNot Applicable
secunia.com/advisories/58883nvdNot Applicable
secunia.com/advisories/58939nvdNot Applicable
secunia.com/advisories/58945nvdNot Applicable
secunia.com/advisories/58977nvdNot Applicable
secunia.com/advisories/59040nvdNot Applicable
secunia.com/advisories/59126nvdNot Applicable
secunia.com/advisories/59162nvdNot Applicable
secunia.com/advisories/59175nvdNot Applicable
secunia.com/advisories/59188nvdNot Applicable
secunia.com/advisories/59189nvdNot Applicable
secunia.com/advisories/59192nvdNot Applicable
secunia.com/advisories/59223nvdNot Applicable
secunia.com/advisories/59287nvdNot Applicable
secunia.com/advisories/59300nvdNot Applicable
secunia.com/advisories/59301nvdNot Applicable
secunia.com/advisories/59305nvdNot Applicable
secunia.com/advisories/59306nvdNot Applicable
secunia.com/advisories/59310nvdNot Applicable
secunia.com/advisories/59342nvdNot Applicable
secunia.com/advisories/59364nvdNot Applicable
secunia.com/advisories/59365nvdNot Applicable
secunia.com/advisories/59413nvdNot Applicable
secunia.com/advisories/59429nvdNot Applicable
secunia.com/advisories/59437nvdNot Applicable
secunia.com/advisories/59441nvdNot Applicable
secunia.com/advisories/59449nvdNot Applicable
secunia.com/advisories/59450nvdNot Applicable
secunia.com/advisories/59451nvdNot Applicable
secunia.com/advisories/59454nvdNot Applicable
secunia.com/advisories/59490nvdNot Applicable
secunia.com/advisories/59491nvdNot Applicable
secunia.com/advisories/59514nvdNot Applicable
secunia.com/advisories/59518nvdNot Applicable
secunia.com/advisories/59528nvdNot Applicable
secunia.com/advisories/59530nvdNot Applicable
secunia.com/advisories/59587nvdNot Applicable
secunia.com/advisories/59655nvdNot Applicable
secunia.com/advisories/59659nvdNot Applicable
secunia.com/advisories/59666nvdNot Applicable
secunia.com/advisories/59669nvdNot Applicable
secunia.com/advisories/59721nvdNot Applicable
secunia.com/advisories/59784nvdNot Applicable
secunia.com/advisories/59895nvdNot Applicable
secunia.com/advisories/59990nvdNot Applicable
secunia.com/advisories/60571nvdNot Applicable
secunia.com/advisories/61254nvdNot Applicable
www-01.ibm.com/support/docview.wssnvdBroken Link
www-01.ibm.com/support/docview.wssnvdBroken Link
www-01.ibm.com/support/docview.wssnvdBroken Link
www-01.ibm.com/support/docview.wssnvdBroken Link
www-01.ibm.com/support/docview.wssnvdBroken Link
www.ibm.com/support/docview.wssnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
kb.bluecoat.com/indexnvdBroken Link
kc.mcafee.com/corporate/indexnvdBroken Link
git.openssl.org/gitweb/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000