Veracode Vulnerability DatabaseVERACODE:3499Man-in-the-Middle (MitM)
0.025 Low
EPSS
Percentile
90.1%
OpenSSL is vulnerable to man in the middle (MitM) attacks. These attacks are possible because the DTLS retransmission implementation doesnโt correctly maintain data structures for digest and encryption contexts.
References
git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b
lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
lists.opensuse.org/opensuse-updates/2014-01/msg00031.html
lists.opensuse.org/opensuse-updates/2014-01/msg00032.html
rhn.redhat.com/errata/RHSA-2014-0015.html
seclists.org/fulldisclosure/2014/Dec/23
security.gentoo.org/glsa/glsa-201412-39.xml
www-01.ibm.com/support/docview.wss?uid=isg400001841
www-01.ibm.com/support/docview.wss?uid=isg400001843
www.debian.org/security/2014/dsa-2833
www.openssl.org/news/vulnerabilities.html
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/64618
www.securitytracker.com/id/1029549
www.securitytracker.com/id/1031594
www.ubuntu.com/usn/USN-2079-1
www.vmware.com/security/advisories/VMSA-2014-0012.html
git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b
puppet.com/security/cve/cve-2013-6450
security-tracker.debian.org/tracker/CVE-2013-6450
www.openssl.org/news/vulnerabilities.html
Related
