Vulnerability in OpenSSL - Uninitialized SSL 3.0 Padding
OpenSSL failed to clear the bytes used as block cipher padding in SSL 3.0 records which could leak the contents of memory in some circumstances. Found by Adam Langley...
Vulnerability in OpenSSL - DTLS DoS attack
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Found by Antonio Martin...
Vulnerability in OpenSSL - DH client certificates accepted without verification [Server]
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates...
Vulnerability in OpenSSL - DTLS memory leak from zero-length fragments
A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. Found by Adam Langley (Google)...
Vulnerability in OpenSSL - DTLS invalid fragment vulnerability
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server are affected. Found by Jüri Aedla...
Vulnerability in OpenSSL - OCSP invalid key DoS issue
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. Found by Stephen Henson...
Vulnerability in OpenSSL CVE-2007-5135
A flaw was found in the SSL_get_shared_ciphers utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte. Few applications make use of this vulnerable function and generally it is used only when applications are...
Vulnerability in OpenSSL CVE-2005-2969
A deprecated option, SSL_OP_MSIE_SSLV2_RSA_PADDING, could allow an attacker acting as a “man in the middle” to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. Found by researcher...
Vulnerability in OpenSSL CVE-2002-0655
Improper handling of ASCII representations of integers on 64 bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code. Found by OpenSSL Group (A.L. Digital)...
Vulnerability in OpenSSL - DTLS memory exhaustion
A DTLS flaw leading to memory exhaustion was found. An attacker can force OpenSSL to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. Found by Adam Langley (Google)...
Vulnerability in OpenSSL - Malformed RFC 3779 Data Can Cause Assertion Failures
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Builds of OpenSSL are only vulnerable if configured with “enable-rfc3779”, which is not a default. Found by Andrew Chi...
Vulnerability in OpenSSL - Double-free in Policy Checks
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected. Found by Ben Laurie...
Vulnerability in OpenSSL CVE-2011-3207
Under certain circumstances OpenSSL’s internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. Applications are only affected by the CRL checking vulnerability if they enable OpenSSL’s internal CRL checking which is off by default. Application...
Vulnerability in OpenSSL CVE-2003-0544
Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service crash by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Found by NISCC...
Vulnerability in OpenSSL CVE-2003-0131
The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS#1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between...
Vulnerability in OpenSSL - OOB read in TS_OBJ_print_bio()
The function TS_OBJ_print_bio misuses OBJ_obj2txt: the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. Found by Shi Lei (Gear Team, Qihoo 360 Inc.)...
Vulnerability in OpenSSL - Race condition handling PSK identity hint
If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identity hint data. Found by Stephen Henson (OpenSSL)...
Vulnerability in OpenSSL CVE-2010-0742
A flaw in the handling of CMS structures containing OriginatorInfo was found which could lead to a write to invalid memory address or double free. CMS support is disabled by default in OpenSSL 0.9.8 versions. Found by Ronald Moesbergen...
Vulnerability in OpenSSL CVE-2023-1255
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...
Vulnerability in OpenSSL - OCSP_basic_verify may incorrectly verify the response signing certificate
The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is...
Vulnerability in OpenSSL - Excessive allocation of memory in dtls1_preprocess_fragment()
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...
Vulnerability in OpenSSL CVE-2013-4353
A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. Found by Anton Johansson...
Vulnerability in OpenSSL CVE-2009-0789
When a malformed ASN1 structure is received its contents are freed up and zeroed and an error condition returned. On a small number of platforms where sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid memory access later resulting in a crash when some invalid structures are read,...
Vulnerability in OpenSSL CVE-2004-0975
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution...
Vulnerability in OpenSSL - Encrypt-Then-Mac renegotiation crash
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. Found by Joe Orton (Red Hat)...
Vulnerability in OpenSSL - Bad (EC)DHE parameters cause a client crash
If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. Found by Guido Vranken...
Vulnerability in OpenSSL - Handshake with unseeded PRNG
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. Found by Matt Caswell...
Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext
A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an EC point format extension, it could write up to 255 bytes to freed memory. Found by Gabor Tyukasz (LogMeIn Inc.)...
Vulnerability in OpenSSL - Excessive allocation of memory in tls_get_message_header()
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...
Vulnerability in OpenSSL - DTLS replay protection DoS
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection “window” before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch which does not have to decry...
Vulnerability in OpenSSL - Invalid free in DTLS
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a...
Vulnerability in OpenSSL - Segmentation fault in ASN1_TYPE_cmp
Segmentation fault in ASN1_TYPE_cmp. The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and...
Vulnerability in OpenSSL CVE-2010-1633
An invalid return value check in pkey_rsa_verifyrecover was discovered. When verification recovery fails for RSA keys an uninitialised buffer with an undefined length is returned instead of an error code. This could lead to an information leak. Found by Peter-Michael Hager...
Vulnerability in OpenSSL CVE-2009-4355
A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. Found by Michael K Johnson and Andy Grimm (rPath)...
Vulnerability in OpenSSL CVE-2003-0851
A flaw in OpenSSL 0.9.6k only would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequence...
Vulnerability in OpenSSL - DTLS segmentation fault in dtls1_get_record
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. Found by Markus Stenberg of Cisco Systems, Inc...
Vulnerability in OpenSSL CVE-2008-0891
Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server...
Vulnerability in OpenSSL CVE-2003-0147
RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server’s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...
Vulnerability in OpenSSL - CMS Null dereference
Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings...
Vulnerability in OpenSSL - EBCDIC overread
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Found by Guido Vranken...
Vulnerability in OpenSSL - X509_to_X509_REQ NULL pointer deref
X509_to_X509_REQ NULL pointer deref. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. Found by Brian Carpenter...
Vulnerability in OpenSSL - ASN1 BIO vulnerability
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL’s I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause...
Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack
OpenSSL was susceptible to an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...
Vulnerability in OpenSSL CVE-2009-1377
Fix a denial of service flaw in the DTLS implementation. Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is currently no limitation to this buffer allowing an attacker to perform a DOS attack to a DTLS server by sending...
Vulnerability in OpenSSL CVE-2006-2937
During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. Found by openssl...
Vulnerability in OpenSSL - RSA Signature Forgery
Daniel Bleichenbacher discovered an attack on PKCS#1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS#1 v1.5 signature that would be incorrectly verified by OpenSSL. Found by openssl...
Vulnerability in OpenSSL - Segmentation fault for invalid PSS parameters
Segmentation fault for invalid PSS parameters. The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can ...
Vulnerability in OpenSSL - DTLS memory leak in dtls1_buffer_record
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack throug...
Vulnerability in OpenSSL - Information leak in pretty printing functions
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_NAME_oneline and X509_NAME_print_ex to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Found by...
Vulnerability in OpenSSL CVE-2010-3864
A flaw in the OpenSSL TLS server extension parsing code can, on affected servers, be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL’s internal caching mechanism. Servers that are multi-process and/or disable internal...