13 matches found
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...
Vulnerability in OpenSSL - X509_ATTRIBUTE memory leak
When presented with a malformed X509ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. Found by Adam Langley Google/BoringSSL using libFuzz...
Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher...
Vulnerability in OpenSSL - DTLS memory exhaustion
A DTLS flaw leading to memory exhaustion was found. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. Found by Adam Langley Google...
Vulnerability in OpenSSL - DTLS memory leak from zero-length fragments
A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. Found by Adam Langley Google...
Exploit for Inadequate Encryption Strength in Openssl
Adam Langley's tool for testing for OpenSSL CVE-2014-0224, origi...
OpenSSL - Remote DoS
No description provided by source. / hoagieopensslrecordofdeath.c OPENSSL REMOTE DENIAL-OF-SERVICE EXPLOIT - OpenSSL 0.9.8m short = 16 bit - OpenSSL 0.9.8f through 0.9.8m short != 16 bit CVE-2010-0740 Bug discovered by: Bodo Moeller and Adam Langley Google Philip Olausson [email protected]...
Internet Bug Bounty: TLS heartbeat read overrun
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering th...
Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely
Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers. Dubbed as CVE-2014-1266, the so-called ‘goto fail;’ vulnerability in which the secure...
Vulnerability in OpenSSL - TLS 1.1 and 1.2 AES-NI crash
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. Found by Adam Langley and Wolfgang Ettlinger...
OpenSSL 1.0.1 ASN1 BIO Vulnerability
Exploit for multiple platform in category remote exploits OpenSSL Security Advisory 19 Apr 2012 ======================================= ASN1 BIO vulnerability CVE-2012-2110 ======================================= A potentially exploitable vulnerability has been discovered in the OpenSSL function...
Vulnerability in OpenSSL - Uninitialized SSL 3.0 Padding
OpenSSL failed to clear the bytes used as block cipher padding in SSL 3.0 records which could leak the contents of memory in some circumstances. Found by Adam Langley...
Vulnerability in OpenSSL CVE-2010-0740
In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. Found by Bodo Moeller and Adam Langley Google...