CVE-2013-6449
Published: 23 December 2013
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
openssl Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(1.0.1f-1ubuntu1)
|
|
|
Patches: Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0294b2be5f4c11e60620c0018674ff0e17b14238 (1.0.1) Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75 (1.0.1) |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | only 1.0.1+ |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
- https://usn.ubuntu.com/usn/usn-2079-1
- NVD
- Launchpad
- Debian