Lucene search
K

101 matches found

OSV
OSV
added 2015/01/12 5:40 p.m.12 views

USN-2459-1 openssl vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...

5CVSS7AI score0.98685EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2014/09/24 4:53 p.m.3 views

openssl: DTLS anonymous (EC)DH denial of service

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman DH key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled...

4.3CVSS6.6AI score0.16946EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.6 views

openssl: DTLS packet processing double free

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.4334EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.5 views

openssl: DTLS anonymous (EC)DH denial of service

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman DH key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled...

4.3CVSS6.6AI score0.16946EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.3 views

openssl: DTLS memory leak from zero-length fragments

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.51436EPSS
Exploits0References5
OSV
OSV
added 2014/08/13 11:55 p.m.2 views

DEBIAN-CVE-2014-3505

Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application crash via crafted DTLS packets that trigger an error condition...

5CVSS9.1AI score0.4334EPSS
Exploits0References1
OSV
OSV
added 2014/08/13 11:55 p.m.1 views

DEBIAN-CVE-2014-3506

d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values...

5CVSS6.8AI score0.44247EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/08/13 9:32 p.m.5 views

openssl: DTLS memory leak from zero-length fragments

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.51436EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/13 9:32 p.m.2 views

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.44247EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/13 6:18 p.m.13 views

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.44247EPSS
Exploits0References5
OSV
OSV
added 2014/08/07 6:13 p.m.7 views

USN-2308-1 openssl vulnerabilities

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3505 Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS...

7.5CVSS6.8AI score0.7408EPSS
Exploits0References10
OSV
OSV
added 2014/08/07 12:0 a.m.6 views

UBUNTU-CVE-2014-3507

Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...

5CVSS6.7AI score0.51436EPSS
Exploits0References4
OSV
OSV
added 2014/08/07 12:0 a.m.5 views

UBUNTU-CVE-2014-3505

Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application crash via crafted DTLS packets that trigger an error condition...

5CVSS6.7AI score0.4334EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/06 2:52 p.m.3 views

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

4.3CVSS6.6AI score0.87892EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/06/10 12:23 p.m.6 views

openssl: Buffer overflow via DTLS invalid fragment

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

6.8CVSS7.2AI score0.99977EPSS
Exploits4References5
OSV
OSV
added 2014/06/05 9:55 p.m.2 views

DEBIAN-CVE-2014-0195

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

6.8CVSS9.7AI score0.99977EPSS
Exploits4References1
RedHat Linux
RedHat Linux
added 2014/06/05 11:50 a.m.4 views

openssl: Buffer overflow via DTLS invalid fragment

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

6.8CVSS7.2AI score0.99977EPSS
Exploits4References5
OSV
OSV
added 2013/02/03 1:55 a.m.2 views

UBUNTU-CVE-2013-1586

The fragmentsettotlen function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service application crash via a malformed packet...

2.9CVSS5.8AI score0.00826EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/09/24 3:55 p.m.2 views

openssl: DTLS plaintext recovery attack

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

4.3CVSS7AI score0.15757EPSS
Exploits0References4
OSV
OSV
added 2012/05/14 10:55 p.m.2 views

DEBIAN-CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS8.7AI score0.28154EPSS
Exploits0References1
Rows per page
Query Builder