Improper Input Validation
CVE-2013-4353
Summary
The "ssl3_take_mac" function in "ssl/s3_both.c" in OpenSSL 1.0.1 through 1.0.1e allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
- MEDIUM
- NETWORK
- NONE
- NONE
- NONE
- PARTIAL
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Advisory Timeline
- Published