27 matches found
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-051)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-051 advisory. The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates...
K68013105: OpenSSL vulnerability CVE-2022-1343
Security Advisory Description The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate...
Amazon Linux 2022 : openssl (ALAS2022-2022-104)
The version of openssl installed on the remote host is prior to 3.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-104 advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is...
OpenSSL Trust Management Issue Vulnerability
OpenSSL is the OpenSSL team's open source, general-purpose cryptographic library, capable of implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
OpenSSL update assessment, and Node.js project plans
Summary: The OpenSSL security releases of May 3 2022 affect Node.js 17.x and 18.x, but the highest severity is "Low". Analysis: Our assessment of the security advisory is: The c_rehash script allows command injection (CVE-2022-1292). Node.js doesn't use ...
GHSA-MFM6-R9G2-Q4R7 `OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
FreeBSD : OpenSSL -- Multiple vulnerabilities (fceb2b08-cb76-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fceb2b08-cb76-11ec-a06f-d4c9ef517024 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerabilities (USN-5402-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5402-1 advisory. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to...
CVE-2022-1343
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
CVE-2022-1343
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
Design/Logic Flaw
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
CVE-2022-1343
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
CVE-2022-1343 OCSP_basic_verify may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
CVE-2022-1343
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
RUSTSEC-2022-0027 `OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
CVE-2022-1343
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
Vulnerability in OpenSSL - OCSP_basic_verify may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
Debian DSA-1860-1 : ruby1.8, ruby1.9 - several vulnerabilities
Several vulnerabilities have been discovered in Ruby. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-0642 The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. - CVE-2009-1904 ...
Mandriva Security Advisory MDVSA-2009:325 (ruby)
The remote host is missing an update to ruby announced via advisory MDVSA-2009:325.
Mandriva Linux Security Advisory : ruby (MDVSA-2009:325)
Multiple vulnerabilities were discovered and corrected in ruby: ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a...