8 matches found

Tenable Nessus
added 2025/09/30 12:0 a.m. · 3 views

OpenSSL 3.0.0 < 3.0.18 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.18. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.18 advisory. - Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy'...

CVSS 7.5 · AI score 6.7 · EPSS 0.00063 · Exploits 0 · References 8
F5 Networks
added 2023/02/21 6:46 p.m. · 42 views

K32553170: OpenSSL vulnerability CVE-2022-3358

Security Advisory Description: OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom...

CVSS 7.5 · AI score 6.7 · EPSS 0.19455 · Exploits 0
Tenable Nessus
added 2022/10/18 12:0 a.m. · 33 views

FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated...

CVSS 7.5 · AI score 6.7 · EPSS 0.19455 · Exploits 0 · References 3
Redos
added 2022/09/29 12:0 a.m. · 61 views

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

CVSS 8.2 · AI score 7.2 · EPSS 0.01421 · Exploits 0
Cvelist
added 2022/09/21 10:15 a.m. · 16 views

CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

CVSS 7.5 · AI score 7.7 · EPSS 0.00859 · Exploits 0 · References 3
Tenable Nessus
added 2022/05/03 12:0 a.m. · 370 views

OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.3 advisory. - The OPENSSL_LH_flush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed has...

CVSS 10 · AI score 7.4 · EPSS 0.38894 · Exploits 5 · References 13
Tenable Nessus
added 2022/04/18 12:0 a.m. · 44 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-1455)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3...

CVSS 5.9 · AI score 6.8 · EPSS 0.27483 · Exploits 1 · References 2
Positive Technologies
added 2021/12/14 12:0 a.m. · 2 views

PT-2021-6876 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL version 3.0.0; OpenSSL versions prior to 3.0.1. Description: The issue is related to the mishandling of internal errors by the X509_verify_cert function in OpenSSL. This function may return a negative value to indicate an internal error...

CVSS 7.8 · AI score 6.4 · EPSS 0.3328 · Exploits 3 · References 28