The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
2014-01-01T16:05:15.017
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.8 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0a | Yes |
| Application | openssl | openssl | 1.0.0b | Yes |
| Application | openssl | openssl | 1.0.0c | Yes |
| Application | openssl | openssl | 1.0.0d | Yes |
| Application | openssl | openssl | 1.0.0e | Yes |
| Application | openssl | openssl | 1.0.0f | Yes |
| Application | openssl | openssl | 1.0.0g | Yes |
| Application | openssl | openssl | 1.0.0h | Yes |
| Application | openssl | openssl | 1.0.0i | Yes |
| Application | openssl | openssl | 1.0.0j | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1a | Yes |
| Application | openssl | openssl | 1.0.1b | Yes |
| Application | openssl | openssl | 1.0.1c | Yes |
| Application | openssl | openssl | 1.0.1d | Yes |
| Application | openssl | openssl | 1.0.1e | Yes |