CVE-2013-6450

high

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

References

https://security-tracker.debian.org/tracker/CVE-2013-6450

https://puppet.com/security/cve/cve-2013-6450

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www.ubuntu.com/usn/USN-2079-1

http://www.securitytracker.com/id/1031594

http://www.securitytracker.com/id/1029549

http://www.securityfocus.com/bid/64618

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.openssl.org/news/vulnerabilities.html

http://www.debian.org/security/2014/dsa-2833

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://seclists.org/fulldisclosure/2014/Dec/23

http://rhn.redhat.com/errata/RHSA-2014-0015.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b

Details

Source: Mitre, NVD

Published: 2014-01-01

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High