CVE-2015-0206 in Ubuntu

CVE-2015-0206

Priority

Medium

Description

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL
1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to
cause a denial of service (memory consumption) by sending many duplicate
records for the next epoch, leading to failure of replay detection.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
https://usn.ubuntu.com/usn/usn-2459-1

Assigned-to

mdeslaur

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	released (1.0.1k)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.0.1f-1ubuntu2.8)

Patches:

Upstream:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=04685bc949e90a877656cf5020b6d4f90a9636a6 (1.0.1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:34:03 UTC (commit 13913)