Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2013-4353

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

  • Published: Jan 9, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4353
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
openssl / openssl 1.0.1-beta2 1.0.1-beta2.x
openssl / openssl 1.0.1c 1.0.1c.x
openssl / openssl 1.0.1-beta3 1.0.1-beta3.x
openssl / openssl 1.0.1a 1.0.1a.x
openssl / openssl 1.0.1-beta1 1.0.1-beta1.x
openssl / openssl 1.0.1d 1.0.1d.x
openssl / openssl 1.0.1b 1.0.1b.x
openssl / openssl 1.0.1e 1.0.1e.x
openssl / openssl 1.0.1 1.0.1.x