cve/CVE-2013-6449.md at 48a00929accbe24477052d164512463a2824377a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

POC

Reference

http://seclists.org/fulldisclosure/2014/Dec/23
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib

1.0 KiB Raw Blame History

CVE-2013-6449

Description

POC

Reference

Github

1.0 KiB

Raw Blame History