CVE-2013-6450

NONECVSS 0.0

0.0

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

🔗 References (44)

secalert@redhathttp://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0015.html
secalert@redhathttp://seclists.org/fulldisclosure/2014/Dec/23
secalert@redhathttp://security.gentoo.org/glsa/glsa-201412-39.xml
secalert@redhathttp://www-01.ibm.com/support/docview.wss?uid=isg400001841
secalert@redhathttp://www-01.ibm.com/support/docview.wss?uid=isg400001843
secalert@redhathttp://www.debian.org/security/2014/dsa-2833
secalert@redhathttp://www.openssl.org/news/vulnerabilities.html
secalert@redhathttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
secalert@redhathttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
secalert@redhathttp://www.securityfocus.com/archive/1/534161/100/0/threaded

Is Your Infrastructure Affected by CVE-2013-6450?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-6450

📅 Published

🔄 Last Modified

🔗 References (44)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-6450?