Unrated severityNVD Advisory· Published Jan 9, 2014· Updated Apr 29, 2026
CVE-2013-4353
CVE-2013-4353
Description
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
Affected products
9cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- www.openssl.org/news/vulnerabilities.htmlnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00065.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00067.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00070.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0015.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0041.htmlnvd
- www-01.ibm.com/support/docview.wssnvd
- www-01.ibm.com/support/docview.wssnvd
- www.debian.org/security/2014/dsa-2837nvd
- www.splunk.com/view/SP-CAAAMB3nvd
- www.ubuntu.com/usn/USN-2079-1nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.