Lucene search
OpenSSL DoS Vulnerability (20240125) - Linux
🗓️ 26 Jan 2024 00:00:00Reported by Copyright (C) 2024 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 18 Views
OpenSSL DoS Vulnerability on Linux. Versions 1.0.2, 1.1.1, 3.0, 3.1, and 3.2. Allows DoS attack by processing malicious PKCS12 files. Update to versions 1.0.2zj, 1.1.1x, 3.0.13, 3.1.5, 3.2.1 or later
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
 | Vulnerability in OpenSSL - PKCS12 Decoding crashes | 25 Jan 202400:00 | – | openssl |
 | Denial Of Service | 30 Jan 202420:23 | – | veracode |
 | CVE-2024-0727 | 26 Jan 202400:00 | – | ubuntucve |
 | CGA-82M6-4HXR-W67M | 6 Jun 202412:23 | – | osv |
| CGA-V6GJ-WW59-2G5W | 6 Jun 202412:29 | – | osv |
| OPENSUSE-SU-2024:13663-1 libopenssl-3-devel-3.1.4-4.1 on GA media | 15 Jun 202400:00 | – | osv |
| OPENSUSE-SU-2024:13656-1 libopenssl-1_0_0-devel-1.0.2u-24.1 on GA media | 15 Jun 202400:00 | – | osv |
| CGA-V739-9XHW-5VMF | 6 Jun 202412:29 | – | osv |
| CGA-M4WP-P4QQ-W882 | 25 Sep 202405:28 | – | osv |
| Null pointer dereference in PKCS12 parsing | 26 Jan 202409:30 | – | osv |
10
| Source | Link |
|---|---|
| openssl | www.openssl.org/news/secadv/20240125.txt |
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:openssl:openssl";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.114307");
script_version("2024-02-05T05:05:38+0000");
script_tag(name:"last_modification", value:"2024-02-05 05:05:38 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"creation_date", value:"2024-01-26 11:08:52 +0000 (Fri, 26 Jan 2024)");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-02-02 15:53:24 +0000 (Fri, 02 Feb 2024)");
script_cve_id("CVE-2024-0727");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("OpenSSL DoS Vulnerability (20240125) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Denial of Service");
script_dependencies("gb_openssl_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("openssl/detected", "Host/runs_unixoide");
script_tag(name:"summary", value:"OpenSSL is prone to a denial of service (DoS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential DoS attack.");
script_tag(name:"impact", value:"Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.");
script_tag(name:"affected", value:"OpenSSL versions 1.0.2, 1.1.1, 3.0, 3.1 and 3.2.");
# nb: The "x" here is not a place holder but an actual version...
script_tag(name:"solution", value:"Update to version 1.0.2zj, 1.1.1x, 3.0.13, 3.1.5, 3.2.1 or
later.");
script_xref(name:"URL", value:"https://www.openssl.org/news/secadv/20240125.txt");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range_exclusive(version: version, test_version_lo: "1.0.2", test_version_up: "1.0.2zj")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.0.2zj", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "1.1.1", test_version_up: "1.1.1x")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.1.1x", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "3.0.0", test_version_up: "3.0.13")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.0.13", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "3.1.0", test_version_up: "3.1.5")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.1.5", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_is_equal(version: version, test_version: "3.2.0")) {
report = report_fixed_ver(installed_version: version, fixed_version: "3.2.1", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo26 Jan 2024 00:00Current
6Medium risk
Vulners AI Score6
CVSS35.5
EPSS0.00271