Search for vulnerabilities
Vulnerability details: VCID-bydn-b3ub-aaah
Vulnerability ID VCID-bydn-b3ub-aaah
Aliases CVE-2013-6449
VC-OPENSSL-20131214-CVE-2013-6449
Summary A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-310 Cryptographic Issues
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2014:0015
rhas Important https://access.redhat.com/errata/RHSA-2014:0041
epss 0.30382 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.30382 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.30382 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.31007 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.31007 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.31007 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.53317 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.59591 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.6021 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.64445 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.657 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
epss 0.92097 https://api.first.org/data/v1/epss?cve=CVE-2013-6449
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Dec/23
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-6449
cvssv3.1 5.3 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
generic_textual HIGH http://www.securityfocus.com/archive/1/534161/100/0/threaded
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Reference id Reference type URL
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00006.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00009.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00012.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html
http://rhn.redhat.com/errata/RHSA-2014-0015.html
http://rhn.redhat.com/errata/RHSA-2014-0041.html
http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6449.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6449
https://bugzilla.redhat.com/show_bug.cgi?id=1045363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201412-39.xml
https://github.com/openssl/openssl/commit/ca98926
https://issues.apache.org/jira/browse/TS-2355
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www.debian.org/security/2014/dsa-2833
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/64530
http://www.securitytracker.com/id/1029548
http://www.ubuntu.com/usn/USN-2079-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
732754 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732754
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
CVE-2013-6449 https://nvd.nist.gov/vuln/detail/CVE-2013-6449
GLSA-201412-39 https://security.gentoo.org/glsa/201412-39
RHSA-2014:0015 https://access.redhat.com/errata/RHSA-2014:0015
RHSA-2014:0041 https://access.redhat.com/errata/RHSA-2014:0041
USN-2079-1 https://usn.ubuntu.com/2079-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-6449
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96458
EPSS Score 0.30382
Published At June 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.