Lucene search

14 matches found

OpenSSL
added 2024/09/03 12:0 a.m., 66 views

Vulnerability in OpenSSL - Possible denial of service in X.509 name checks

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial o...

7.2 AI score, 0.14584 EPSS
Exploits: 0, Affected Software: 1
Github Security Blog
added 2023/03/24 10:1 p.m., 13 views

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue...

6.8 AI score
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2023/03/24 10:1 p.m., 10 views

`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue...

6.7 AI score
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2023/03/24 12:0 p.m., 19 views

RUSTSEC-2023-0022 `openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue...

7.2 AI score
Exploits: 0, References: 3
RustSec
added 2023/03/24 12:0 p.m., 29 views

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue...

6.9 AI score
Exploits: 0, Affected Software: 1
OSV
added 2023/03/24 12:0 p.m., 19 views

RUSTSEC-2023-0024 `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue...

7.1 AI score
Exploits: 0, References: 3
RustSec
added 2023/03/24 12:0 p.m., 23 views

`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue...

6.7 AI score
Exploits: 0, Affected Software: 1
RustSec
added 2023/03/24 12:0 p.m., 20 views

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue...

6.8 AI score
Exploits: 0, Affected Software: 1
Apple
added 2023/02/13 12:0 a.m., 47 views

About the security content of tvOS 16.3.2

About the security content of tvOS 16.3.2 This document describes the security content of tvOS 16.3.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

7.5 CVSS, 7.7 AI score, 0.00416 EPSS
Exploits: 0, References: 1, Affected Software: 1
The Hacker News
added 2022/03/16 1:52 p.m., 48 views

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with...

7.5 CVSS, 0.2 AI score, 0.06863 EPSS
Exploits: 3
Ubuntu
added 2017/12/11 6:49 p.m., 71 views

USN-3512-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote...

5.9 CVSS, 6.4 AI score, 0.42931 EPSS
Exploits: 2
OpenSSL
added 2017/12/07 12:0 a.m., 211 views

Vulnerability in OpenSSL - Read/write after SSL object in error state

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

6 AI score, 0.42931 EPSS
Exploits: 1, Affected Software: 1
OpenVAS
added 2016/05/04 12:0 a.m., 53 views

Ubuntu: Security Advisory (USN-2959-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 8.6 AI score, 0.79963 EPSS
Exploits: 7, References: 2
OpenSSL
added 2014/08/06 12:0 a.m., 52 views

Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher...

5.6 AI score, 0.05418 EPSS
Exploits: 0, Affected Software: 1