CVE-2013-4353

EPSS 22.5%

openssl - programming error

Published: 1/9/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-4353

Description

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Affected packages (2)

Debian/opensslfrom 0, < 1.0.1f-1
Debian/opensslfrom 0, < 1.0.1e-2+deb7u3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4353