139 matches found
CVE-2017-3730
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
CVE-2017-3730 Bad (EC)DHE parameters cause a client crash
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
CVE-2017-3730
OpenSSL 1.1.0 before 1.1.0d is affected. A malicious server may supply bad DHE/ECDHE parameters causing the client to dereference a NULL pointer, resulting in a client crash and a Denial of Service. This is the explicit root cause described in multiple sources. Remediation is to upgrade to OpenSS...
BSA-2017-258
Security Advisory ID : BSA-2017-258 Component : ECDHE Parameters Revision : 1.0: Interim If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointerleading to a client crash. This could be exploited in a...
EulerOS 2.0 SP1 : nss, nspr, nss-softokn, nss-util (EulerOS-SA-2016-1017)
According to the versions of the nss, nspr, nss-softokn, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE Diffie-Hellman key exchange and ECDHE Elliptic Curve...
Weblate: Web server is vulnerable to Beast Attack
Supported versions: TLSv1.0 TLSv1.1 TLSv1.2 Deflate compression: no Supported cipher suites ORDER IS NOT SIGNIFICANT: TLSv1.0 RSAWITHAES128CBCSHA DHERSAWITHAES128CBCSHA RSAWITHAES256CBCSHA DHERSAWITHAES256CBCSHA TLSv1.1: idem TLSv1.2 RSAWITHAES128CBCSHA DHERSAWITHAES128CBCSHA RSAWITHAES256CBCSHA...
OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference (CVE-2017-3730)
A NULL pointer dereference vulnerability exists in OpenSSL. This vulnerability is due to the way crafted DHE and ECDHE parameters are handled by an OpenSSL client application during TLS handshake. A remote attacker could exploit this vulnerability in an OpenSSL client application, by sending...
OpenSSL Bad (EC)DHE Parameters DoS Vulnerability - Linux
OpenSSL is prone to a Denial of Service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
OpenSSL Bad (EC)DHE Parameters DoS Vulnerability - Windows
OpenSSL is prone to a Denial of Service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0d advisory. - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d...
CVE-2017-3730
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
Internet Bug Bounty: CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
https://www.openssl.org/news/secadv/20170126.txt https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/...
Vulnerability in OpenSSL - BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x8664 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible...
Vulnerability in OpenSSL - Bad (EC)DHE parameters cause a client crash
If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. Found by Guido Vranken...
Amazon Linux: Security Advisory (ALAS-2016-702)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2396-1) (POODLE)
This update provides apache2-modnss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. CVE-2016-3099 - Created valgrind suppression files to ease debugging. - Implement SSLPPTYPEFILTER to call executables to get the key password pins. - Improvements ...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 49.0 boo999701 - New features Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears Improved video performance for users on systems that support SSE3 without...
SUSE SLES11 Security Update : apache2-mod_nss (SUSE-SU-2016:2329-1) (POODLE)
This update provides apache2-modnss 1.0.14, which brings several fixes and enhancements : - SHA256 cipher names change spelling from sha256 to sha256. - Drop modnssmigrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. ...
Medium: nspr, nss-util, nss, nss-softokn
Issue Overview: A use-after-free flaw was found in the way NSS handled DHE DiffieHellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS,...
Oracle Linux 7 : nss, / nspr, / nss-softokn, / and / nss-util (ELSA-2016-0685)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0685 advisory. - Pick up upstream freebl patch for CVE-2015-2730 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...