OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
2015-01-09T02:59:01.287
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | ≤ 0.9.8zc | Yes |
| Application | openssl | openssl | 1.0.0a | Yes |
| Application | openssl | openssl | 1.0.0b | Yes |
| Application | openssl | openssl | 1.0.0c | Yes |
| Application | openssl | openssl | 1.0.0d | Yes |
| Application | openssl | openssl | 1.0.0e | Yes |
| Application | openssl | openssl | 1.0.0f | Yes |
| Application | openssl | openssl | 1.0.0g | Yes |
| Application | openssl | openssl | 1.0.0h | Yes |
| Application | openssl | openssl | 1.0.0i | Yes |
| Application | openssl | openssl | 1.0.0j | Yes |
| Application | openssl | openssl | 1.0.0k | Yes |
| Application | openssl | openssl | 1.0.0l | Yes |
| Application | openssl | openssl | 1.0.0m | Yes |
| Application | openssl | openssl | 1.0.0n | Yes |
| Application | openssl | openssl | 1.0.0o | Yes |
| Application | openssl | openssl | 1.0.1a | Yes |
| Application | openssl | openssl | 1.0.1b | Yes |
| Application | openssl | openssl | 1.0.1c | Yes |
| Application | openssl | openssl | 1.0.1d | Yes |
| Application | openssl | openssl | 1.0.1e | Yes |
| Application | openssl | openssl | 1.0.1f | Yes |
| Application | openssl | openssl | 1.0.1g | Yes |
| Application | openssl | openssl | 1.0.1h | Yes |
| Application | openssl | openssl | 1.0.1i | Yes |
| Application | openssl | openssl | 1.0.1j | Yes |