DEBIAN-CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

UBUNTU-CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

DEBIAN-CVE-2011-4619

The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors...

openssl: missing bn_wexpand return value checks

OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors...

PT-2010-1091

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0e OpenSSL versions prior to 1.0.0c Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of...

UBUNTU-CVE-2009-3941

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the 1 subject's Common Name or 2 Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted...

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

DEBIAN-CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

SSL MITM Vulnerability

No description provided by source. include errno.h include stdio.h include string.h include unistd.h include sys/time.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include openssl/ssl.h include openssl/ssl3.h void failconst char proc perrorproc; exit1; void...

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

httpd: mod_ssl per-connection memory leak for connections with zlib compression

Memory leak in the zlibstatefulinit function in crypto/comp/czlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service memory consumption via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server modssl that specify...

US-CERT Technical Cyber Security Alert TA06-333A -- Apple Releases Security Update to Address Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-333A Apple Releases Security Update to Address Multiple Vulnerabilities Original release date: November 29, 2006 Last revised: -- Source: US-CERT Systems Affected Apple Mac OS X version...

Open SSL timing attack

Because of timing difference it's possible to distinguish between bad padding and a MAC verification error. It's also possible to recover RSA secret...

security flaw

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

PT-2009-6717 · Openssl +3 · Openssl +3

Name of the Vulnerable Software and Affected Versions: Network Security Services NSS library versions prior to 3.12.3 GnuTLS versions prior to 2.6.4 and 2.7.4 OpenSSL versions 0.9.8 through 0.9.8k Description: The issue allows remote attackers to potentially spoof certificates by exploiting MD2...