suse · CVE-2013-6449

Quick triage

Priority: medium Published: 2021-05-30 13:16:11 UTC Updated: 2026-04-18 18:49:02 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2013-6449 severity moderate: SUSE including 121 source package names (libopenssl-1_0_0-devel, libopenssl-1_0_0-devel-1.0.2n-1.32, …), 321 product×package rows across 51 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (51 product lines)): Known Not Affected 162, Fixed 159.

Description:

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

cvelogic Threat Intelligence