FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6450

This CVE name corresponds to:

Entered Topic
2014-01-06 openssl -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-6450
Phase: Assigned (20131104)

Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b
CONFIRM http://www.openssl.org/news/vulnerabilities.html
CONFIRM https://security-tracker.debian.org/tracker/CVE-2013-6450
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
DEBIAN DSA-2833
GENTOO GLSA-201412-39
REDHAT RHSA-2014:0015
SUSE openSUSE-SU-2014:0048
SUSE openSUSE-SU-2014:0049
UBUNTU USN-2079-1
BID 64618
SECTRACK 1029549
SECTRACK 1031594