3 matches found
gnutls 3.6.6 - verify_crt() Use-After-Free
gnutls 3.6.6 - verifycrt Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...
DEBIAN-CVE-2015-3196
ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...
UBUNTU-CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...