Resource Management Errors Affecting openssl Open this link in a new tab package, versions >=1.0.0, <1.0.108
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-COCOAPODS-OPENSSL-471309
-
published
2 Oct 2019
-
disclosed
16 May 2014
-
credit
Unknown
Introduced: 16 May 2014
CVE-2014-0221 Open this link in a new tabHow to fix?
Upgrade OpenSSL
to version 1.0.108 or higher.
Overview
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Resource Management Errors. OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks can be made using an invalid DTLS handshake causing OpenSSL to go into a recursive loop.
References
- Apple Security Advisory
- BUGTRAQ
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- Fedora Security Announcement
- Fedora Security Announcement
- Gentoo Security Advisory
- HPE Support Center Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- Oracle Security Advisory
- Oracle Security Bulletin
- Oracle Security Bulletin
- Oracle Security Bulletin
- RedHat Bugzilla Bug
- RedHat Security Advisory
- Seclists Full Disclosure
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Security Focus
- Security Tracker
- VMware Security Advisory
- VMware Security Advisory