Vulnerability details: VCID-49hw-yjgb-aaab
Vulnerability ID VCID-49hw-yjgb-aaab
Aliases CVE-2013-4353
VC-OPENSSL-20140106-CVE-2013-4353
Summary A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2014:0015
rhas Important https://access.redhat.com/errata/RHSA-2014:0041
rhas Important https://access.redhat.com/errata/RHSA-2014:0416
epss 0.16922 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.42181 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.46747 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.48322 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.53623 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.54245 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
epss 0.68322 https://api.first.org/data/v1/epss?cve=CVE-2013-4353
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-4353
Reference id Reference type URL
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631
http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_1-stable
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=197e0ea817ad64820789d86711d55ff50d71f631
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00070.html
http://rhn.redhat.com/errata/RHSA-2014-0015.html
http://rhn.redhat.com/errata/RHSA-2014-0041.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4353.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4353
https://bugzilla.redhat.com/show_bug.cgi?id=1049058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
https://github.com/openssl/openssl/commit/197e0ea817ad64820789d86711d55ff50d71f631
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www.debian.org/security/2014/dsa-2837
http://www.openssl.org/news/vulnerabilities.html
http://www.splunk.com/view/SP-CAAAMB3
http://www.ubuntu.com/usn/USN-2079-1
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
CVE-2013-4353 https://nvd.nist.gov/vuln/detail/CVE-2013-4353
GLSA-201402-25 https://security.gentoo.org/glsa/201402-25
RHSA-2014:0015 https://access.redhat.com/errata/RHSA-2014:0015
RHSA-2014:0041 https://access.redhat.com/errata/RHSA-2014:0041
RHSA-2014:0416 https://access.redhat.com/errata/RHSA-2014:0416
USN-2079-1 https://usn.ubuntu.com/2079-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4353
Exploit Prediction Scoring System (EPSS)
Percentile 0.94434
EPSS Score 0.16922
Published At April 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.