Unrated severityNVD Advisory· Published Dec 23, 2013· Updated Jun 17, 2026
CVE-2013-6449
CVE-2013-6449
Description
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <=1.0.1e
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- (no CPE)range: <1.0.2
Patches
Vulnerability mechanics
References
27- git.openssl.org/gitweb/nvd
- lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00006.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00009.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00012.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00031.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0015.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0041.htmlnvd
- rt.openssl.org/Ticket/Display.htmlnvd
- seclists.org/fulldisclosure/2014/Dec/23nvd
- security.gentoo.org/glsa/glsa-201412-39.xmlnvd
- www-01.ibm.com/support/docview.wssnvd
- www-01.ibm.com/support/docview.wssnvd
- www.debian.org/security/2014/dsa-2833nvd
- www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlnvd
- www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlnvd
- www.securityfocus.com/archive/1/534161/100/0/threadednvd
- www.securityfocus.com/bid/64530nvd
- www.securitytracker.com/id/1029548nvd
- www.ubuntu.com/usn/USN-2079-1nvd
- www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvd
- bugzilla.redhat.com/show_bug.cginvd
- issues.apache.org/jira/browse/TS-2355nvd
News mentions
0No linked articles in our index yet.