CVE-2013-4353
Published: 6 January 2014
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Notes
Author | Note |
---|---|
mdeslaur | only affected 1.0.1+ |
Priority
Status
Package | Release | Status |
---|---|---|
openssl Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
|
|
precise |
Released
(1.0.1-4ubuntu5.11)
|
|
quantal |
Released
(1.0.1c-3ubuntu2.6)
|
|
raring |
Released
(1.0.1c-4ubuntu8.2)
|
|
saucy |
Released
(1.0.1e-3ubuntu1.1)
|
|
Patches: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=197e0ea817ad64820789d86711d55ff50d71f631 |
||
openssl098 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|