PT-2017-17775 · Mozilla +4 · Network Security Services +4

Name of the Vulnerable Software and Affected Versions: Network Security Services NSS versions 3.24.0 and later Description: A null pointer dereference issue was discovered in NSS when the server receives empty SSLv2 messages, potentially leading to a denial of service by a remote attacker...

CVE-2015-3197

ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the getclientmasterkey and...

FreeBSD : OpenSSL -- Multiple problems in crypto(3) (0f37d765-c5d4-11db-9f82-000e0c2e438a)

Several problems have been found in OpenSSL : - During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. - A buffer overflow exists in the SSLgetsharedciphers function. - A NULL pointer may be dereferenced in the SSL version 2...

OpenSSL -- Multiple problems in crypto(3)

Problem Description: Several problems have been found in OpenSSL: During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSLgetsharedciphers function. A NULL pointer may be dereferenced in the...