14 matches found
EUVD-2015-3263
Malware in sbrugna...
Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2015-1791)
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
SUSE CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
SUSE CVE-2015-3196
ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key PSK identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key PSK identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
CVE-2015-3196
ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and double free via a crafted...
Debian Security Advisory DSA 3287-1 (openssl - security update)
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of...
CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2639-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2639-1 advisory. Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker cou...
OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1n. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1n advisory. - The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2...
CVE-2015-1791
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
EUVD-2015-1917
Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...
openssl: race condition in ssl_parse_serverhello_tlsext
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...