Description

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Remediation

References

CVE-2013-4353

Related Vulnerabilities

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)

WordPress Plugin WP Popup Builder-Popup Forms, Marketing PoPuP & Newsletter Multiple Vulnerabilities (1.2.8)

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-6514)

WordPress Plugin Easy Team Manager SQL Injection (1.3.2)

Squid Improper Input Validation Vulnerability (CVE-2016-2570)

Severity

Medium

Classification

CVE-2013-4353 CWE-20

Tags

Missing Update Known Vulnerabilities