openSUSE Security Update : openssl (openSUSE-SU-2014:0635-1)

Fixed bug bnc876282, CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in dossl3write Add file: CVE-2014-0198.patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-359. The...

ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)

The remote VMware ESXi host is 5.5 prior to build 1881737. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this...

openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()

The dossl3write function in s3pkt.c in OpenSSL 1.x through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via vectors...

openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()

The dossl3write function in s3pkt.c in OpenSSL 1.x through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via vectors...

OpenSSL do_ssl3_write Denial of Service (CVE-2014-0198)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an error in dossl3write in ssl/s3pkt.c. A remote unauthenticated attacker could exploit this vulnerability by triggering the generation of an Alert, leading to a NULL pointer dereference and causing a deni...

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2192-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2192-1 advisory. It was discovered that OpenSSL incorrectly handled memory in the ssl3readbytes function. A remote attacker could use this issue to possibly cause OpenSSL...

USN-2192-1 openssl vulnerabilities

It was discovered that OpenSSL incorrectly handled memory in the ssl3readbytes function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. CVE-2010-5298 It was discovered that OpenSSL incorrectly handled memory in the dossl3write function...