Six new CVEs were made public today for OpenSSL. These vulnerabilities could allow man-in-the-middle attacks, code execution, and denial-of-service attacks. The new reports are:
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- DTLS invalid fragment vulnerability (CVE-2014-0195)
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
- SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
- Anonymous ECDH denial of service (CVE-2014-3470)

More information on these latest OpenSSL security woes can be found via the posting at OpenSSL.org.