MNBSD-2014-7: OpenSSL DTLS buffer overrun and MITM keying vulnerabilities

Severity: Unknown

Affected Package: openssl

Summary: OpenSSL DTLS buffer overrun and MITM keying vulnerabilities

Description

Multiple OpenSSL vulnerabilities were fixed: an invalid DTLS fragment could cause a buffer overrun, an invalid DTLS handshake could cause unnecessary recursion, a crafted handshake could force use of weak keying material (CCS injection man-in-the-middle), and crafted packets could cause a NULL pointer dereference in TLS client code with anonymous ECDH enabled. Impacts include man-in-the-middle attacks and denial of service.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

Published: June 05, 2014
Last Modified: June 05, 2014