382 matches found
security flaw
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
PT-2009-6717 · Openssl +3 · Openssl +3
Name of the Vulnerable Software and Affected Versions: Network Security Services NSS library versions prior to 3.12.3 GnuTLS versions prior to 2.6.4 and 2.7.4 OpenSSL versions 0.9.8 through 0.9.8k Description: The issue allows remote attackers to potentially spoof certificates by exploiting MD2...