CVE-2015-0207

Description

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

Risk Information

Base Score

8.2

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score

Exploitation Probability

17.612

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities fixed in OpenSSL (x64) 1.0.2a	Windows
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products For Cisco IOS	NCM
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products For Cisco Jabber for Mac	NCM
CVE-2015-0207	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706090	Security Update for Cisco IOS Amsterdam-17.2.1r

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234