
CVE-2013-6450

Published: 01/01/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

The DTLS retransmission implementation in OpenSSL 1.0.0 prior to 1.0.0l and 1.0.1 prior to 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Vulnerable Product

openssl openssl 1.0.1

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.0

openssl openssl 1.0.1c

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.1a

openssl openssl 1.0.1d

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.0a

openssl openssl 1.0.0b

openssl openssl 1.0.0g

Vendor Advisories

Synopsis Important: openssl security update Type/Severity Security Advisory: Important Topic Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabili ...
Several security issues were fixed in OpenSSL ...
Debian Bug report logs - #732754 openssl: CVE-2013-6449: crash when using TLS 1.2 Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 21 Dec ...
Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see marc.info/?l=openssl-announce&m=138747119822324&w=2 for further information) an ...
A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library (CVE-2013-6449). It was discovered that the Datagram Transport Layer Security (DTLS) protocol impleme ...
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, re ...