Miembros de
Boletines de Vulnerabilidades |
Security Bulletin: Multiple OpenSSL vulnerabilities |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
DESCRIPTION (From cve.mitre.org) CVE-2013-4353: A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. CVE-2013-6449: A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. OpenSSL is vulnerable to a denial of service, caused by an error in the More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_openssl_vulnerabilities?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2013-4353 ,CVE-2013-6449 ,CVE-2013-4548 ,CVE-2013-5780 ,CVE-2013-5372 ,CVE-2013-5803 ,CVE-2013-6304 ,CVE-2014-0411 ,CVE-2013-6440 and CVE-2013-6450. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-03-04 |