cve/CVE-2013-6449.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

POC

Reference

http://seclists.org/fulldisclosure/2014/Dec/23
http://seclists.org/fulldisclosure/2014/Dec/23
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/chnzzh/OpenSSL-CVE-lib

1.3 KiB Raw Blame History

CVE-2013-6449

Description

POC

Reference

Github

1.3 KiB

Raw Blame History