The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Openssl
  • Openssl
Redhat
  • Enterprise Linux
  • Rhev Manager

Configuration 1 [-]

OR cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
openssl-0:1.0.1e-16.el6_5.4 cpe:/o:redhat:enterprise_linux:6 RHSA-2014:0015 2014-01-08T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
rhev-hypervisor6-0:6.5-20140112.0.el6ev cpe:/o:redhat:enterprise_linux:6::hypervisor RHSA-2014:0041 2014-01-21T00:00:00Z
RHEV Manager version 3.3
spice-client-msi-0:3.3-12 cpe:/a:redhat:rhev_manager:3 RHSA-2014:0416 2014-04-17T00:00:00Z
References
Link Providers
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable cve-icon cve-icon
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0015.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0041.html cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2837 cve-icon cve-icon
http://www.openssl.org/news/vulnerabilities.html cve-icon cve-icon
http://www.splunk.com/view/SP-CAAAMB3 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2079-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1049058 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-4353 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-4353 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-01-09T01:00:00

Updated: 2024-08-06T16:38:01.888Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4353

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-01-09T01:55:03.153

Modified: 2024-11-21T01:55:24.607

Link: CVE-2013-4353

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-01-06T00:00:00Z

Links: CVE-2013-4353 - Bugzilla