
CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Details Source

Mitre

Statement

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5 and earlier.

Public Date

2013-12-19 00:00:00

Impact

Important

Bugzilla

CVE-2013-6449 openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm

Bugzilla ID

1045363

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (openssl) | RHSA-2014:0015 | 2014-01-08 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2014:0041 | 2014-01-21 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat JBoss EWS 2 | openssl | Not affected |
| Red Hat JBoss EWS 1 | openssl | Not affected |
| Red Hat JBoss EAP 6 | openssl | Not affected |
| Red Hat JBoss EAP 5 | openssl | Not affected |
| Red Hat Enterprise Linux 7 | openssl098e | Not affected |
| Red Hat Enterprise Linux 7 | openssl | Not affected |
| Red Hat Enterprise Linux 6 | openssl098e | Not affected |
| Red Hat Enterprise Linux 5 | openssl | Not affected |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected |
| Red Hat Enterprise Linux 4 | openssl | Not affected |
| Red Hat Enterprise Linux 3 | openssl | Not affected |