Sid 1-31182
DELETED
Message
DELETED SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt
Summary
The dtls1reassemblefragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Impact
CVSS base score 6.8
CVSS impact score 6.4
CVSS exploitability score 8.6
confidentialityImpact PARTIAL
integrityImpact PARTIAL
availabilityImpact PARTIAL
Detailed information
Affected systems
- openssl openssl 0.9.8
- openssl openssl 0.9.8a
- openssl openssl 0.9.8b
- openssl openssl 0.9.8c
- openssl openssl 0.9.8d
- openssl openssl 0.9.8e
- openssl openssl 0.9.8f
- openssl openssl 0.9.8g
- openssl openssl 0.9.8h
- openssl openssl 0.9.8i
- openssl openssl 0.9.8j
- openssl openssl 0.9.8k
- openssl openssl 0.9.8l
- openssl openssl 0.9.8m
- openssl openssl 0.9.8n
- openssl openssl 0.9.8o
- openssl openssl 0.9.8p
- openssl openssl 0.9.8q
- openssl openssl 0.9.8r
- openssl openssl 0.9.8s
- openssl openssl 0.9.8t
- openssl openssl 0.9.8u
- openssl openssl 0.9.8v
- openssl openssl 0.9.8w
- openssl openssl 0.9.8x
- openssl openssl 0.9.8y
- openssl openssl 1.0.0
- openssl openssl 1.0.0a
- openssl openssl 1.0.0b
- openssl openssl 1.0.0c
- openssl openssl 1.0.0d
- openssl openssl 1.0.0e
- openssl openssl 1.0.0f
- openssl openssl 1.0.0g
- openssl openssl 1.0.0h
- openssl openssl 1.0.0i
- openssl openssl 1.0.0j
- openssl openssl 1.0.0k
- openssl openssl 1.0.0l
- openssl openssl 1.0.1
- openssl openssl 1.0.1a
- openssl openssl 1.0.1b
- openssl openssl 1.0.1c
- openssl openssl 1.0.1d
- openssl openssl 1.0.1e
- openssl openssl 1.0.1f
- openssl openssl 1.0.1g
- redhat storage 2.1
- redhat enterprise_linux 6
- fedoraproject fedora *
Ease of attack
False positives
None known
False negatives
None known
Corrective action
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
Contributors
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.
Additional References
- osvdb.org/show/osvdb/107730