Versions (4)
Version DetailsCurrent
Rev: 4 • Jun 13, 2014, 12:00 PMET EXPLOIT SUSPICIOUS DTLS 1.2 Fragmented Client Hello Possible CVE-2014-0195
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT SUSPICIOUS DTLS 1.2 Fragmented Client Hello Possible CVE-2014-0195"; content:"|16 fe fd 00 00 00 00 00 00 00|"; depth:10; content:"|01|"; distance:3; within:1; byte_test:3,>,0,0,relative; byte_test:3,>,0,8,relative; byte_extract:3,0,frag_len,relative; byte_jump:3,5,relative; content:"|01|"; within:1; byte_test:3,!=,frag_len,0,relative; reference:url,h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002; classtype:attempted-user; sid:2018561; rev:4; metadata:created_at 2014_06_13, deprecation_reason Age, confidence Low, signature_severity Major, updated_at 2023_01_19;)
Jun 13, 2014, 12:00 PM
Jan 19, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules