OpenSSL CVE-2014-0221 Vulnerability
Description
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse, eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014. The fix was developed by Stephen Henson of the OpenSSL core team.
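The upgrade guidance above can be turned into a version check; the Python below is an added example, not part of the original advisory or of OpenSSL. The function names and sample banners are constructed for illustration, and the check cannot tell whether an application actually uses OpenSSL as a DTLS client.

```python
import re

# Fixed release letter per branch, exactly as listed in the advisory text.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches the "1.0.1g" part of a banner such as "OpenSSL 1.0.1g 7 Apr 2014".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def _letter_key(suffix):
    # OpenSSL patch letters run a..z and then continue za, zb, ...
    # Comparing by length first, then alphabetically, keeps "z" < "za".
    return (len(suffix), suffix)


def parse_version(banner):
    """Return (branch, patch_letter) from a version banner or bare version."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return match.group(1), match.group(2)


def needs_upgrade(banner):
    """True if older than the fixed release for its branch, False if at or
    past it, None if the branch is not one the advisory text lists."""
    branch, letter = parse_version(banner)
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    return _letter_key(letter) < _letter_key(fixed)


if __name__ == "__main__":
    # Constructed sample banners, in the style printed by `openssl version`.
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 0.9.8za 5 Jun 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.1h 5 Jun 2014",
    ]
    for banner in samples:
        verdict = {True: "UPGRADE", False: "ok", None: "not listed"}[needs_upgrade(banner)]
        print("%-28s %s" % (banner, verdict))
```

Distribution packages may backport fixes without changing the upstream version letter, so a flagged banner is a prompt to check the vendor's changelog.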
Affected Applications
OpenSSL