|Bugzilla:||1047840: CVE-2013-6450 openssl: crash in DTLS renegotiation after packet loss|
The MITRE CVE dictionary describes this issue as:
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5 and earlier.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 6 (openssl)||RHSA-2014:0015||January 08, 2014|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.