3 matches found
K32743437: OpenSSL vulnerability CVE-2016-7056
Security Advisory Description A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-7056 Impact A malicious user with local access can recover Elliptic Curve Digital Signature Algorithm ECDSA...
CVE-2016-6304
Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service memory consumption via large OCSP Status Request extensions...
OpenSSL Certificate Message Out-of-Bounds Read Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. Versions of OpenSSL prior to 1.0.2i and 1.0.1u sometimes lack message length checks, resulting in a risk of denial-of-service attacks...