CVE-2013-6449
Published: 23 December 2013
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
Notes
| Author | Note |
|---|---|
| mdeslaur | only 1.0.1+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssl Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
| precise |
Released
(1.0.1-4ubuntu5.11)
|
|
| quantal |
Released
(1.0.1c-3ubuntu2.6)
|
|
| raring |
Released
(1.0.1c-4ubuntu8.2)
|
|
| saucy |
Released
(1.0.1e-3ubuntu1.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0294b2be5f4c11e60620c0018674ff0e17b14238 (1.0.1) upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75 (1.0.1) |
||