The dtls1_reassemble_fragment function in d1_both.c in... · CVE-2014-0195 · GitHub Advisory Database · GitHub

The dtls1_reassemble_fragment function in d1_both.c in...

Moderate severity Unreviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Apr 12, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

References

Published by the National Vulnerability Database

Jun 5, 2014

Published to the GitHub Advisory Database May 14, 2022

Last updated Apr 12, 2025

Weaknesses

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Learn more on MITRE.

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Learn more on MITRE.