CVE-2014-3513
openssl - security update
EPSS 38.4%
Description
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
How to fix CVE-2014-3513
To remediate CVE-2014-3513, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 1.0.1j-1 or later
- Debian/openssl—upgrade to 1.0.1e-2+deb7u13 or later
Is CVE-2014-3513 being exploited?
Moderate — EPSS is 38.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.1j-1
- from 0, < 1.0.1e-2+deb7u13