CVE-2013-6450
EPSS 19.7%
Description
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
How to fix CVE-2013-6450
To remediate CVE-2013-6450, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssl: upgrade to 1.0.1e-5 or later
Is CVE-2013-6450 being exploited?
Moderate — EPSS is 19.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Debian/openssl: from 0, < 1.0.1e-5