228 matches found
Vulnerability in OpenSSL - Information leak in pretty printing functions
A flaw in OBJobj2txt may cause pretty printing functions such as X509nameoneline, X509nameprintex, to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Found by...
Vulnerability in OpenSSL CVE-2010-3864
A flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL’s internal caching mechanism. Servers that are multi-process and/or disable internal...
Vulnerability in OpenSSL CVE-2004-0079
The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the dochangecipherspec function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. Found by OpenSSL group...
Vulnerability in OpenSSL CVE-2003-0078
sl3getrecord in s3pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading...
Vulnerability in OpenSSL - Multiblock corrupted pointer
Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...
Vulnerability in OpenSSL - Crash with SRP ciphersuite in Server Hello message
A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference read by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This...
Vulnerability in OpenSSL - OpenSSL DTLS anonymous EC(DH) denial of service
A flaw in handling DTLS anonymous ECDH ciphersuites was found. OpenSSL DTLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference read by specifying an anonymous ECDH ciphersuite and sending...
Vulnerability in OpenSSL - Invalid GOST parameters DoS Attack
A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Found by Andrey Kulikov...
Vulnerability in OpenSSL CVE-2009-0590
The function ASN1STRINGprintex when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers,...
Vulnerability in OpenSSL CVE-2007-4995
A flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified. Found by Andy Polyakov...
Vulnerability in OpenSSL CVE-2003-0545
Certain ASN.1 encodings that were rejected as invalid by the parser could trigger a bug in the deallocation of the corresponding data structure, corrupting the stack, leading to a crash. Found by NISCC...
Vulnerability in OpenSSL - Alternative chains certificate forgery
An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Found by Adam...
Vulnerability in OpenSSL CVE-2010-4180
A flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. This issue only affects OpenSSL based SSL/TLS server if it uses...
Vulnerability in OpenSSL CVE-2009-1378
Fix a denial of service flaw in the DTLS implementation. In dtls1processoutofseqmessage the check if the current message is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack against a DTLS server by sending out of...
Vulnerability in OpenSSL CVE-2008-1672
Testing using the Codenomicon TLS test suite discovered a flaw if the ‘Server Key exchange message’ is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. Found by...
Vulnerability in OpenSSL CVE-2002-1568
The use of assertions when detecting buffer overflow attacks allowed remote attackers to cause a denial of service crash by sending certain messages to cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENTMASTERKEY messages, which were not properly handled in s2srvr.c...
Vulnerability in OpenSSL - Empty CKE with client auth and DHE
Empty CKE with client auth and DHE. If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. Found by Matt Caswell OpenSSL development team...
Vulnerability in OpenSSL - TLS 1.1 and 1.2 AES-NI crash
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. Found by Adam Langley and Wolfgang Ettlinger...
Vulnerability in OpenSSL CVE-2006-2940
Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. Found by openssl...
Vulnerability in OpenSSL - SRP buffer overrun
A SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. Found by Sean Devlin and Watson Ladd Cryptography Services, NCC Group...
Vulnerability in OpenSSL - SGC Restart DoS Attack
Support for handshake restarts for server gated cryptograpy SGC can be used in a denial-of-service attack. Found by George Kadianakis...
Vulnerability in OpenSSL CVE-2002-0657
A buffer overflow when Kerberos is enabled allowed attackers to execute arbitrary code by sending a long master key. Note that this flaw did not affect any released version of 0.9.6 or 0.9.7. Found by OpenSSL Group A.L. Digital...
Vulnerability in OpenSSL CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Found by Geof...
Vulnerability in OpenSSL - Anon DH ServerKeyExchange with 0 p parameter
If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack. Found by Guy Leaver Cisco...
Vulnerability in OpenSSL CVE-2009-0591
The function CMSverify does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. Found by Ivan Nestlerode, IBM...
Vulnerability in OpenSSL - SSLv2 Client Crash
A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. Found by openssl...
Vulnerability in OpenSSL CVE-2011-0014
A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server using the affected OpenSSL functionality. Found by Neel Mehta...
Vulnerability in OpenSSL CVE-2011-3210
OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. Only server-side applications that specifically support ephemeral ECDH ciphersuites are affected, and only if...