MEDIUM · 5.8

CVE-2013-6450

Vulnerability Description

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

CVSS Score

5.8 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Openssl | Openssl | 1.0.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2013-6450?

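CVE-2013-6450 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.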

How severe is CVE-2013-6450?

CVE-2013-6450 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-6450?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.