Severity: Unknown
Affected Package: openssl
Summary: OpenSSL DTLS buffer overrun and MITM keying vulnerabilities
Multiple OpenSSL vulnerabilities were fixed: an invalid DTLS fragment could cause a buffer overrun, an invalid DTLS handshake could cause unnecessary recursion, a crafted handshake could force use of weak keying material (CCS injection man-in-the-middle), and crafted packets could cause a NULL pointer dereference in TLS client code with anonymous ECDH enabled. Impacts include man-in-the-middle attacks and denial of service.
No specific recommendations provided.
Aliases: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
Published: June 05, 2014
Last Modified: June 05, 2014