PT-2013-1056 · Openssl+4

David Carlin · Published 2013-12-14 · Updated 2024-06-15 · CVE-2013-6449

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

OpenSSL versions prior to 1.0.1j
OpenSSL versions 1.0.1

Description

The issue concerns multiple vulnerabilities in the OpenSSL package that can be exploited remotely, potentially leading to breaches in the confidentiality, integrity, and availability of protected information. A specific flaw in the ssl_get_algorithm2 function can cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations

For OpenSSL versions prior to 1.0.1j, update to version 1.0.1j or later to resolve the issue. For OpenSSL version 1.0.1, consider disabling the ssl_get_algorithm2 function as a temporary workaround until a patch is available. Restrict access from TLS 1.2 clients to minimize the risk of exploitation.

Fix

DoS


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1019
BDU:2015-01314
BDU:2015-09775
CESA-2014_0015
CVE-2013-6449
DSA-2833-1
MGASA-2014-0008
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:0015
RHSA-2014:0041
RHSA-2014_0015
SUSE-FU-2022:0445-1

Affected Products

Alt Linux
Centos
Ibm Aix
Openssl
Red Hat