19 matches found
Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2016-6305)
The ssl3readbytes function in record/reclayers3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service infinite loop by triggering a zero-length record in an SSLpeek call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...
Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
Summary OpenSSL vulnerabilities were disclosed on September 22 and September 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs. Vulnerabili...
Huawei Data Communication: Sixteen OpenSSL Vulnerabilities on Some Huawei products (huawei-sa-20170322-01-openssl)
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i
Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tlsdecryptticket function ...
Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on September 22 and 26,...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...
Internet Bug Bounty: SSL_peek() hang on empty record (CVE-2016-6305)
As described here: https://www.openssl.org/news/secadv/20160922.txt...
OpenSSL SSL_peek Infinite Loop Denial of Service (CVE-2016-6305)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSLpeek API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection...
Amazon Linux: Security Advisory (ALAS-2016-749)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSSL < 1.1.0a Multiple Vulnerabilities
Binary data 9626.prm...
OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0a advisory. - The ssl3readbytes function in record/reclayers3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of...
OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux
OpenSSL is prone to a Denial of Service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
CVE-2016-6305
The CVE-2016-6305 issue affects OpenSSL 1.1.0 before 1.1.0a, where ssl3_read_bytes in record/rec_layer_s3.c can cause a denial of service (infinite loop) when a zero-length record is processed via SSL_peek. Public sources (OpenSSL security advisory, vendor reports) confirm the vulnerability in th...
Amazon Linux AMI : openssl (ALAS-2016-749)
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...
[slackware-security] openssl
New openssl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2i-i586-1slack14.2.txz: Upgraded. This update fixes denial-of-service and other security issues. For more...
Important: openssl
Issue Overview: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available...