Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL 1.0.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64618
CVE (CAN) ID: CVE-2013-6450
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
In the DTLS relay Implementation of OpenSSL 0.9.8y, 1.0.0-1.0.1e, the data structure of the summary and encryption context is not properly maintained, attackers can use different contexts to obtain sensitive information by interfering with data packet transmission (related ssl/dsf-both.c, ssl/t1_enc.c.
<* Source: vendor
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.openssl.org/
Http://git.openssl.org/gitweb? P = openssl. git; a = commit; h = 41528967f1e65dc8f34e000f0f5518e21afbfc7b
OpenSSL details: click here
OpenSSL: click here
Recommended reading:
Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.