CVE-2013-6450

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-6450 at MITRE

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

NVD CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

SUSE information

SUSE Bugzilla entries: 857203, 861384

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • libopenssl-devel >= 1.0.1e-1.21.1
  • libopenssl-devel-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0 >= 1.0.1e-1.21.1
  • libopenssl1_0_0-32bit >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-1.21.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-1.21.1
  • openssl >= 1.0.1e-1.21.1
  • openssl-debuginfo >= 1.0.1e-1.21.1
  • openssl-debugsource >= 1.0.1e-1.21.1
  • openssl-doc >= 1.0.1e-1.21.1
Patchnames:
openSUSE-2014-27
openSUSE 13.1
  • libopenssl-devel >= 1.0.1e-11.9.1
  • libopenssl-devel-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0 >= 1.0.1e-11.9.1
  • libopenssl1_0_0-32bit >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo >= 1.0.1e-11.9.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.1e-11.9.1
  • openssl >= 1.0.1e-11.9.1
  • openssl-debuginfo >= 1.0.1e-11.9.1
  • openssl-debugsource >= 1.0.1e-11.9.1
  • openssl-doc >= 1.0.1e-11.9.1
Patchnames:
openSUSE-2014-27
openSUSE Evergreen 11.4
  • libopenssl-devel >= 1.0.0l-18.49.1
  • libopenssl1_0_0 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-32bit >= 1.0.0l-18.49.1
  • libopenssl1_0_0-debuginfo-x86 >= 1.0.0l-18.49.1
  • libopenssl1_0_0-x86 >= 1.0.0l-18.49.1
  • openssl >= 1.0.0l-18.49.1
  • openssl-debuginfo >= 1.0.0l-18.49.1
  • openssl-debugsource >= 1.0.0l-18.49.1
  • openssl-doc >= 1.0.0l-18.49.1
Patchnames:
2014-6