Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-054)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-054 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of...

USN-5710-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler...

FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated...

Improper Access Control

openssl is vulnerable to improper access control. The vulnerability exists in evpmdinitinternal and evpcipherinitinternal functions of digest.c and evpenc.c respectively which allows an attacker to incorrectly pass NIDundef as this value in the call to EVPCIPHERmethnew...

OpenSSL 3.0.0 < 3.0.6 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.0.6. It is, therefore, affected by a vulnerability as referenced in the 3.0.6 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecate...