159 matches found
OpenSSL ASN1 BIO Memory Corruption Vulnerability
No description provided by source. Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...
UBUNTU-CVE-2014-0195
The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...
DEBIAN-CVE-2013-6450
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...
CVE-2013-0166
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service NULL pointer dereference and application crash via an invalid key...
openssl: asn1_d2i_read_bio integer errors leading to buffer overflow
The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service memory corruption or possibly have...
openssl: SGC restart DoS attack
The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors...
PT-2010-1086 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8n OpenSSL versions prior to 1.0.0e Description: The issue is related to the kssl keytab is available function in OpenSSL, which, when Kerberos is enabled but Kerberos configuration files cannot be opened, does n...
openssl: mime_hdr_cmp NULL dereference crash
The mimehdrcmp function in crypto/asn1/asnmime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted S/MIME message...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
openssl public key DoS
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...
PT-2008-1041 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8c-1 through 0.9.8g-9 Description: The issue concerns a random number generator in OpenSSL that generates predictable numbers, making it easier for remote attackers to conduct brute force guessing attacks against...
openssl get_shared_ciphers overflow
Buffer overflow in the SSLgetsharedciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers...
OpenSSL RSA Signature Forgery Vulnerability
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards...
openssl mitm downgrade attack
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...
security flaw
The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...
DEBIAN-CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service crash via an SSL client certificate with certain ASN.1 tag values...
CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations Original issue date: October 1, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected OpenSSL versions prior to 0.9.7c and 0.9.6...
security flaw
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via 1 a large client master key in SSL2 or 2 a large session ID in SSL3...
PT-2009-6750 · Openssl +3 · Openssl +4
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8q OpenSSL versions 1.0.x prior to 1.0.0c openssl-devel-0.9.7a openssl-0.9.7a compat-openssl097g compat-openssl097g-32bit openssl prior to version 1.0.0e Description: The issue involves multiple vulnerabilities i...