CVE-2013-6450

Severity: medium

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
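The affected ranges above are expressed as OpenSSL branch plus patch letter, which does not sort the way most version parsers expect. The following is an added example (not code from Tenable, MITRE or the OpenSSL project) of a banner check that encodes the advisory's two ranges, 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f, and triages an inventory of `openssl version` strings; the host names and banners in `SAMPLE_INVENTORY` are constructed for the example. It treats a `-fips` suffix as a build tag and a `-beta`/`-pre`/`-dev` suffix as a pre-release of the branch, which the advisory wording "before 1.0.1f" includes.

```python
import re
from collections import namedtuple

# Affected ranges as stated in the advisory: each branch maps to the first
# fixed patch letter. The bare x.y.z release is the empty letter "".
FIXED_IN = {
    (1, 0, 0): "l",   # 1.0.0 before 1.0.0l
    (1, 0, 1): "f",   # 1.0.1 before 1.0.1f
}

Version = namedtuple("Version", "branch letter prerelease")

_BANNER_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([A-Za-z0-9]+))?")


def parse_banner(banner):
    """Parse an `openssl version` banner such as 'OpenSSL 1.0.1e 11 Feb 2013'.

    Returns Version((1, 0, 1), 'e', None), or None if the text is not an
    OpenSSL version string. A suffix like '-fips' is a build tag and is
    ignored; '-beta1', '-pre1' or '-dev' marks a pre-release of the branch.
    """
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    suffix = (m.group(5) or "").lower()
    pre = suffix if suffix.startswith(("beta", "pre", "dev")) else None
    return Version(branch, m.group(4), pre)


def _letter_key(letter):
    # Patch letters sort a < b < ... ; ordering by length first keeps a
    # hypothetical two-letter suffix after 'z'. The bare release "" sorts first.
    return (len(letter), letter)


def is_affected(banner):
    """True if the banner falls inside one of the advisory's affected ranges."""
    v = parse_banner(banner)
    if v is None:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    fixed = FIXED_IN.get(v.branch)
    if fixed is None:
        return False          # branch not named in the advisory
    # A pre-release (e.g. 1.0.1-beta3) and the bare 1.0.1 release both precede
    # 1.0.1f, so they compare as the empty letter and are reported affected.
    return _letter_key(v.letter) < _letter_key(fixed)


def triage(inventory):
    """inventory: {host: banner}. Returns the sorted hosts that need the fix."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_INVENTORY = {
    "vpn-gw-1": "OpenSSL 1.0.1e 11 Feb 2013",
    "vpn-gw-2": "OpenSSL 1.0.1f 6 Jan 2014",
    "legacy-lb": "OpenSSL 1.0.0k 5 Feb 2013",
    "old-mail": "OpenSSL 0.9.8y 5 Feb 2013",
    "fips-box": "OpenSSL 1.0.1e-fips 11 Feb 2013",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> affected by CVE-2013-6450")
```

Two caveats when using a check like this. The distribution advisories listed under References (Red Hat, Debian, Ubuntu, Fedora and others) ship backported fixes that keep the upstream version letter, so on a patched distro package the banner alone produces a false positive; the package version from the vendor advisory is the reliable indicator there. Conversely, the flaw sits in the DTLS retransmission path, so a service that only speaks TLS is not exposed to the crash described above, but the library on that host still carries the bug and should be updated.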

References

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html

http://rhn.redhat.com/errata/RHSA-2014-0015.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://security.gentoo.org/glsa/glsa-201412-39.xml

http://www.debian.org/security/2014/dsa-2833

http://www.openssl.org/news/vulnerabilities.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/64618

http://www.securitytracker.com/id/1029549

http://www.securitytracker.com/id/1031594

http://www.ubuntu.com/usn/USN-2079-1

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

https://puppet.com/security/cve/cve-2013-6450

https://security-tracker.debian.org/tracker/CVE-2013-6450

Details

Source: MITRE

Published: 2014-01-01

Updated: 2018-10-09

Type: CWE-310 (Cryptographic Issues)

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins (33 total)

ID | Name | Product | Family | Severity
127201 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033) | Nessus | NewStart CGSL Local Security Checks | critical
106488 | pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 / SA-14_03) | Nessus | Firewalls | high
80721 | Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed) | Nessus | Solaris Local Security Checks | high
80720 | Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions) | Nessus | Solaris Local Security Checks | high
80244 | GLSA-201412-39 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
79547 | OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE) | Nessus | OracleVM Local Security Checks | high
79013 | RHEL 6 : rhevm-spice-client (RHSA-2014:0416) | Nessus | Red Hat Local Security Checks | high
78163 | F5 Networks BIG-IP : OpenSSL vulnerability (K15158) | Nessus | F5 Networks Local Security Checks | medium
77108 | Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed) | Nessus | Fedora Local Security Checks | high
77107 | Fedora 19 : openssl-1.0.1e-39.fc19 (2014-9301) | Nessus | Fedora Local Security Checks | high
76511 | LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed) | Nessus | MacOS X Local Security Checks | medium
76510 | LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed) | Nessus | Windows | medium
75317 | openSUSE Security Update : openssl (openSUSE-SU-2014:0048-1) | Nessus | SuSE Local Security Checks | medium
73639 | HP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed) | Nessus | Web Servers | medium
73564 | AIX OpenSSL Advisory : openssl_advisory6.asc | Nessus | AIX Local Security Checks | medium
73133 | Puppet Enterprise 3.x < 3.1.2 DTLS Retransmission DoS | Nessus | CGI abuses | medium
72291 | Amazon Linux AMI : openssl (ALAS-2014-273) | Nessus | Amazon Linux Local Security Checks | medium
72270 | Fedora 19 : mingw-openssl-1.0.1e-5.fc19 (2014-1560) | Nessus | Fedora Local Security Checks | medium
72154 | Fedora 20 : mingw-openssl-1.0.1e-5.fc20 (2014-1567) | Nessus | Fedora Local Security Checks | medium
72021 | Mandriva Linux Security Advisory : openssl (MDVSA-2014:007) | Nessus | Mandriva Local Security Checks | medium
71930 | Slackware 14.0 / 14.1 / current : openssl (SSA:2014-013-02) | Nessus | Slackware Local Security Checks | medium
71919 | Fedora 18 : openssl-1.0.1e-37.fc18 (2014-0474) | Nessus | Fedora Local Security Checks | medium
71905 | Fedora 20 : openssl-1.0.1e-37.fc20 (2014-0476) | Nessus | Fedora Local Security Checks | medium
71904 | Fedora 19 : openssl-1.0.1e-37.fc19 (2014-0456) | Nessus | Fedora Local Security Checks | medium
71896 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : openssl vulnerabilities (USN-2079-1) | Nessus | Ubuntu Local Security Checks | medium
71894 | Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108) | Nessus | Scientific Linux Local Security Checks | medium
71877 | RHEL 6 : openssl (RHSA-2014:0015) | Nessus | Red Hat Local Security Checks | medium
71875 | Oracle Linux 6 : openssl (ELSA-2014-0015) | Nessus | Oracle Linux Local Security Checks | medium
71865 | CentOS 6 : openssl (CESA-2014:0015) | Nessus | CentOS Local Security Checks | medium
71857 | OpenSSL 1.0.1 < 1.0.1f Multiple Vulnerabilities | Nessus | Web Servers | medium
71856 | OpenSSL 1.0.0 < 1.0.0l DTLS Security Bypass | Nessus | Web Servers | medium
71808 | FreeBSD : openssl -- multiple vulnerabilities (5aaa257e-772d-11e3-a65a-3c970e169bc2) | Nessus | FreeBSD Local Security Checks | medium
71781 | Debian DSA-2833-1 : openssl - several vulnerabilities | Nessus | Debian Local Security Checks | medium