5 matches found
OpenSSL 3.1.0 < 3.1.6 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.6 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...
OpenSSL 3.2.0 < 3.2.2 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.2 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...
OpenSSL 1.1.1 < 1.1.1y Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1y. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1y advisory. - Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...
Vulnerability in OpenSSL - Empty CKE with client auth and DHE
Empty CKE with client auth and DHE. If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. Found by Matt Caswell OpenSSL development team...
Vulnerability in OpenSSL - Handshake with unseeded PRNG
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. Found by Matt Caswell...