openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937)

This update improves the ClientHello handshake message parsing function. Prior to this update is was possible that this function reads beyond the end of a message leading to invalid memory access and a crash. Under some circumstances it was possible that information from the OCSP extensions was...

Debian Security Advisory DSA 2162-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 2162-1. OpenVAS Vulnerability Test $Id: deb21621.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2162-1 openssl Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

Debian: Security Advisory (DSA-2162-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-0014

ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access,...

DEBIAN-CVE-2011-0014

ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access,...

Ubuntu Update for openssl vulnerability USN-1064-1

Ubuntu Update for Linux kernel vulnerabilities USN-1064-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10641.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openssl vulnerability USN-1064-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

OpenSSL DoS

Uninitialized memory reference on ClientHello request parsing...

DSA-2162-1 openssl - invalid memory access

Bulletin has no description...

OpenSSL 1.0.0 < 1.0.0d Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.0d. It is, therefore, affected by a vulnerability as referenced in the 1.0.0d advisory. - ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and...

CVE-2011-0014

ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access,...

openssl: DTLS NULL deref crash on early ChangeCipherSpec request

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

Null pointer dereference

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

CVE-2009-1386

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

DEBIAN-CVE-2009-1386

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

CVE-2009-1386

CVE-2009-1386 affects OpenSSL’s DTLS implementation: ssl/s3_pkt.c in OpenSSL versions before 0.9.8i allows a remote attacker to cause a denial of service via a ChangeCipherSpec datagram sent before ClientHello, causing a NULL pointer dereference and daemon crash. Public details place the vulnerab...