CVE-2013-6450 — Openssl vulnerability

CWE-31011 documents8 sources

Severity

5.8MEDIUMNVD

EPSS

22.5%

top 4.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedJan 1

Latest updateMay 14

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 1.0.1e-5 (bookworm)

▶Debianopenssl/openssl< 1.0.1e-5+3

▶NVDopenssl/openssl17 versions+16

🔴Vulnerability Details

GHSA

GHSA-3qp2-qh33-29hx: The DTLS retransmission implementation in OpenSSL 1↗2022-05-14

▶

OSV

CVE-2013-6450: The DTLS retransmission implementation in OpenSSL 1↗2014-01-01

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:03.openssl: OpenSSL multiple vulnerabilities↗2014-01-14

▶

Ubuntu

OpenSSL vulnerabilities↗2014-01-09

▶

Red Hat

openssl: crash in DTLS renegotiation after packet loss↗2013-12-19

▶

Debian

CVE-2013-6450: openssl - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 ...↗2013

▶

💬Community

Bugzilla

CVE-2013-6450 mingw32-openssl: openssl: MiTM due to improper implementation of DTLS retransmission [epel-5]↗2014-01-02

▶

Bugzilla

CVE-2013-6450 openssl: crash in DTLS renegotiation after packet loss↗2014-01-02

▶

Bugzilla

CVE-2013-6450 mingw-openssl: openssl: MiTM due to improper implementation of DTLS retransmission [fedora-all]↗2014-01-02

▶

Bugzilla

CVE-2013-6450 openssl: MiTM due to improper implementation of DTLS retransmission [fedora-all]↗2014-01-02

▶