CVE-2013-6449 — Openssl vulnerability

CWE-31010 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

47.0%

top 2.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedDec 23

Latest updateMay 14

Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.1e-5 (bookworm)

▶Debianopenssl/openssl< 1.0.1e-5+3

▶NVDopenssl/openssl1.0.1e+16

🔴Vulnerability Details

GHSA

GHSA-h84w-39m4-37j6: The ssl_get_algorithm2 function in ssl/s3_lib↗2022-05-14

▶

OSV

CVE-2013-6449: The ssl_get_algorithm2 function in ssl/s3_lib↗2013-12-23

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:03.openssl: OpenSSL multiple vulnerabilities↗2014-01-14

▶

Ubuntu

OpenSSL vulnerabilities↗2014-01-09

▶

Red Hat

openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm↗2013-12-19

▶

Debian

CVE-2013-6449: openssl - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains ...↗2013

▶

💬Community

Bugzilla

CVE-2013-6449 mingw-openssl: openssl: crash when using TLS 1.2 [fedora-all]↗2013-12-20

▶

Bugzilla

CVE-2013-6449 openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm↗2013-12-20

▶

Bugzilla

CVE-2013-6449 openssl: crash when using TLS 1.2 [fedora-all]↗2013-12-20

▶