Vulnerability & Exploit Database

Back to search

Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products (Multiple CVEs)

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) June 12, 2015 February 07, 2017 March 21, 2018

Available Exploits 

Description

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

cisco-update-sanos

Related Vulnerabilities