CVE-2013-6450

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-6450 at MITRE

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.76
Vector AV:N/AC:M/Au:N/C:N/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 857203 [RESOLVED / FIXED], 861384 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • libopenssl-devel >= 1.0.1e-1.21.1
  • libopenssl-devel-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0 >= 1.0.1e-1.21.1
  • libopenssl1_0_0-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-1.21.1
  • openssl >= 1.0.1e-1.21.1
  • openssl-debuginfo >= 1.0.1e-1.21.1
  • openssl-debugsource >= 1.0.1e-1.21.1
  • openssl-doc >= 1.0.1e-1.21.1
Patchnames:
openSUSE-2014-27
openSUSE 13.1
  • libopenssl-devel >= 1.0.1e-11.9.1
  • libopenssl-devel-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0 >= 1.0.1e-11.9.1
  • libopenssl1_0_0-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-11.9.1
  • openssl >= 1.0.1e-11.9.1
  • openssl-debuginfo >= 1.0.1e-11.9.1
  • openssl-debugsource >= 1.0.1e-11.9.1
  • openssl-doc >= 1.0.1e-11.9.1
Patchnames:
openSUSE-2014-27
openSUSE Evergreen 11.4
  • libopenssl-devel >= 1.0.0l-18.49.1
  • libopenssl1_0_0 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-x86 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-x86 >= 1.0.0l-18.49.1
  • openssl >= 1.0.0l-18.49.1
  • openssl-debuginfo >= 1.0.0l-18.49.1
  • openssl-debugsource >= 1.0.0l-18.49.1
  • openssl-doc >= 1.0.0l-18.49.1
Patchnames:
2014-6