{ "threat_severity" : "Important", "public_date" : "2014-06-05T00:00:00Z", "bugzilla" : { "description" : "openssl: Buffer overflow via DTLS invalid fragment", "id" : "1103598", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1103598" }, "cvss" : { "cvss_base_score" : "5.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment." ], "statement" : "This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.", "acknowledgement" : "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-06-05T00:00:00Z", "advisory" : "RHSA-2014:0625", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "openssl-0:1.0.1e-16.el6_5.14" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2014-06-10T00:00:00Z", "advisory" : "RHSA-2014:0679", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "openssl-1:1.0.1e-34.el7_0.3" }, { "product_name" : "Red Hat Storage 2.1", "release_date" : "2014-06-05T00:00:00Z", "advisory" : "RHSA-2014:0628", "cpe" : "cpe:/a:redhat:storage:2.1:server:el6", "package" : "openssl-0:1.0.1e-16.el6_5.14" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl097a", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "guest-images", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Virtualization 3", "fix_state" : "Not affected", "package_name" : "mingw-virt-viewer", "cpe" : "cpe:/a:redhat:enterprise_linux:7::hypervisor" }, { "product_name" : "Red Hat Enterprise Virtualization 3", "fix_state" : "Not affected", "package_name" : "rhev-hypervisor", "cpe" : "cpe:/a:redhat:enterprise_linux:7::hypervisor" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 2", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0195\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0195\nhttps://www.openssl.org/news/secadv_20140605.txt" ], "name" : "CVE-2014-0195", "csaw" : false }