Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2018/07/12 4:14 p.m.7 views

openssl: Read/write after SSL object in error state

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

5.9CVSS6.9AI score0.78675EPSS
Exploits1References5
NVD
NVD
added 2018/04/16 6:29 p.m.17 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.4AI score0.12046EPSS
Exploits0References34
Debian CVE
Debian CVE
added 2018/04/16 5:0 p.m.42 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.4AI score0.12046EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/04/10 11:21 a.m.6 views

openssl: Read/write after SSL object in error state

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

5.9CVSS6.9AI score0.78675EPSS
Exploits1References5
Prion
Prion
added 2017/12/07 4:29 p.m.27 views

Design/Logic Flaw

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

4.3CVSS6AI score0.78675EPSS
Exploits1References21Affected Software2
OSV
OSV
added 2017/12/07 4:29 p.m.1 views

DEBIAN-CVE-2017-3737

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

5.9CVSS6.9AI score0.78675EPSS
Exploits1References1
Rows per page
Query Builder