CVE-2013-4353

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Published date: 2014-01-09T01:55Z
Last modification date: 2017-01-07T02:59Z
Assigner: secalert@redhat.com
Problem type: CWE-20
Name | URL | Source | Tags
http://www.openssl.org/news/vulnerabilities.html | http://www.openssl.org/news/vulnerabilities.html | CONFIRM | Vendor Advisory
http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_1-stable | http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_1-stable | CONFIRM | Vendor Advisory
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=197e0ea817ad64820789d86711d55ff50d71f631 | http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=197e0ea817ad64820789d86711d55ff50d71f631 | CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=1049058 | https://bugzilla.redhat.com/show_bug.cgi?id=1049058 | CONFIRM |
RHSA-2014:0015 | http://rhn.redhat.com/errata/RHSA-2014-0015.html | REDHAT |
USN-2079-1 | http://www.ubuntu.com/usn/USN-2079-1 | UBUNTU |
DSA-2837 | http://www.debian.org/security/2014/dsa-2837 | DEBIAN |
openSUSE-SU-2014:0096 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html | SUSE |
RHSA-2014:0041 | http://rhn.redhat.com/errata/RHSA-2014-0041.html | REDHAT |
openSUSE-SU-2014:0094 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html | SUSE |
openSUSE-SU-2014:0099 | http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html | SUSE |
http://www.splunk.com/view/SP-CAAAMB3 | http://www.splunk.com/view/SP-CAAAMB3 | CONFIRM |
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | CONFIRM |
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | CONFIRM |
FEDORA-2014-9308 | http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html | FEDORA |
FEDORA-2014-9301 | http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html | FEDORA |