CVE-2014-0195 - DTLS invalid fragment vulnerability


Information:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://www.openssl.org/news/secadv_20140605.txt

Description:
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

Impact to Tanium:
None - Tanium does not utilize UDP for communication or DTLS connections between the Client and Server.

Have more questions? Submit a request