CVE-2013-6449

EPSS 47.0%

openssl - several

Published: 12/23/2013Modified: 4/28/2026

Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Affected packages (2)

Debian/opensslfrom 0, < 1.0.1e-5
Debian/opensslfrom 0, < 1.0.1e-2+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-6449