
10 matches found

F5 Networks
added 2023/02/21 8:1 p.m., 39 views

K20219314: OpenSSL vulnerability CVE-2015-1794

Security Advisory Description: The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. CVE-2015-1794. Impact: There is no impac...

CVSS 5, AI score 7.5, EPSS 0.09852
Exploits: 0
OpenVAS
added 2020/09/29 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-2076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5, AI score 7.5, EPSS 0.91945
Exploits: 0, References: 2
Veracode
added 2017/02/10 1:27 a.m., 40 views

Brute Force Decryption

OpenSSL is vulnerable to brute-force decryption attacks and RSA-to-EXPORT_RSA downgrade attacks. These attacks are possible through the ssl3_get_key_exchange function which offers a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue...

CVSS 4.3, AI score 5.9, EPSS 0.91945
Exploits: 0, References: 68, Affected Software: 1
Veracode
added 2017/02/06 6:25 a.m., 39 views

ECDHE-to-ECDH Downgrade Attacks

OpenSSL is vulnerable to ECDHE-to-ECDH downgrade attacks. This is due to a flaw in ssl3_get_key_exchange which allows attackers to trigger a loss of forward secrecy by omitting the ServerKeyExchange message...

CVSS 5, AI score 5.7, EPSS 0.08845
Exploits: 0, References: 38, Affected Software: 1
Tenable Nessus
added 2016/08/05 12:0 a.m., 32 views

OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities

Binary data 9463.prm...

CVSS 7.5, AI score 7.1, EPSS 0.27511
Exploits: 1, References: 3
BDU FSTEC
added 2016/07/07 12:0 a.m., 1 views

The vulnerability of the JRockit software platform allows a malicious actor to simplify the process of decoding messages remotely.

A vulnerability in the JRockit software platform is related to a bug in the ssl3_get_key_exchange function in the s3_clnt.c file of the OpenSSL cryptographic library. Exploiting this vulnerability could allow an attacker to simplify the decryption process by using an insufficiently secure RSA key...

CVSS 4.3, AI score 6.9, EPSS 0.91945
Exploits: 0, References: 3
CVE
added 2015/01/09 2:0 a.m., 549 views

CVE-2015-0204

CVE-2015-0204 affects OpenSSL client code and enables a Man‑in‑the‑Middle downgrade attack (FREAK) by negotiating an export‑grade RSA key. Affected OpenSSL versions: 0.9.8z d and earlier; 1.0.0 up to but not including 1.0.0p; 1.0.1 up to but not including 1.0.1k. The vulnerability allows brute‑fo...

CVSS 4.3, AI score 6.5, EPSS 0.91945
Exploits: 0, References: 66, Affected Software: 1
OpenVAS
added 2010/09/27 12:0 a.m., 36 views

Mandriva Update for openssl MDVSA-2010:168 (openssl)

Check for the Version of openssl. OpenVAS Vulnerability Test. Mandriva Update for openssl MDVSA-2010:168 (openssl). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 4.3, AI score 7.6, EPSS 0.10272
Exploits: 0, References: 2
Tenable Nessus
added 2010/09/02 12:0 a.m., 29 views

Mandriva Linux Security Advisory : openssl (MDVSA-2010:168)

A vulnerability has been found and corrected in openssl: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service...

CVSS 4.3, AI score 7.7, EPSS 0.10272
Exploits: 0, References: 1
Prion
added 2010/08/17 8:0 p.m., 21 views

Double free

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...

CVSS 4.3, AI score 7.8, EPSS 0.10272
Exploits: 0, References: 22, Affected Software: 1