CVE-2013-4353

Summary

CVE	CVE-2013-4353
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-01-09 01:55:00 UTC
Updated	2023-11-07 02:16:00 UTC
Description	The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1	beta1	All	All
Application	Openssl	Openssl	1.0.1	beta2	All	All
Application	Openssl	Openssl	1.0.1	beta3	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1	beta1	All	All
Application	Openssl	Openssl	1.0.1	beta2	All	All
Application	Openssl	Openssl	1.0.1	beta3	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-2837-1 openssl	DEBIAN	www.debian.org
git.openssl.org/gitweb	CONFIRM	git.openssl.org	Vendor Advisory
git.openssl.org Git - openssl.git/commit	CONFIRM	git.openssl.org
USN-2079-1: OpenSSL vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
openSUSE-SU-2014:0096-1: moderate: update for openssl	SUSE	lists.opensuse.org
openSUSE-SU-2014:0099-1: moderate: update for openssl	SUSE	lists.opensuse.org
[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Bug 1049058 – CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets	CONFIRM	bugzilla.redhat.com
IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.3.0.1 Interim Fix 29 README Tivoli Composite Application Manager for Transactions 7.3.0.1 7.3.0.1-TIV-CAMIS-IF0029 Readme - United States	CONFIRM	www-01.ibm.com
git.openssl.org Git		git.openssl.org
IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.4 Interim Fix 13 README Tivoli Composite Application Manager for Transactions 7.4.0.0 7.4.0.0-TIV-CAMIS-IF0013 Readme - United States	CONFIRM	www-01.ibm.com
OpenSSL: OpenSSL vulnerabilities	CONFIRM	www.openssl.org	Vendor Advisory
git.openssl.org Git - openssl.git/commit		git.openssl.org
openSUSE-SU-2014:0094-1: moderate: update for openssl	SUSE	lists.opensuse.org
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014 \| Splunk	CONFIRM	www.splunk.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)