228 matches found
Vulnerability in OpenSSL - DTLS memory exhaustion
A DTLS flaw leading to memory exhaustion was found. An attacker can force OpenSSL to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. Found by Adam Langley (Google)...
Vulnerability in OpenSSL - Double Free when processing DTLS packets
A Double Free was found when processing DTLS packets. An attacker can force an error condition which causes OpenSSL to crash whilst processing DTLS packets due to memory being freed twice. This could lead to a Denial of Service attack. Found by Adam Langley and Wan-Teh Chang (Google)...
Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext
A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an EC point format extension, it could write up to 255 bytes to freed memory. Found by Gabor Tyukasz (LogMeIn Inc)...
Vulnerability in OpenSSL - Crash with SRP ciphersuite in Server Hello message
A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a NULL pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This...
Vulnerability in OpenSSL - DTLS recursion flaw
By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. Found by Imre Rad (Search-Lab Ltd)...
Vulnerability in OpenSSL - DTLS invalid fragment vulnerability
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server are affected. Found by Jüri Aedla...
Vulnerability in OpenSSL - SSL/TLS MITM vulnerability
An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. Found by KIKUCHI Masashi (Lepidum Co. Ltd)...
Vulnerability in OpenSSL - Anonymous ECDH denial of service
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. Found by Felix Gröbert and Ivan Fratrić (Google)...
Vulnerability in OpenSSL - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common...
Vulnerability in OpenSSL - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common...
Vulnerability in OpenSSL - TLS heartbeat read overrun
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server (a.k.a. Heartbleed). This issue did not affect versions of OpenSSL prior to 1.0.1. Found by Neel Mehta...
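How a missing bounds check on the heartbeat payload length becomes a memory disclosure, as an added example written for this page (not OpenSSL's code): a hypothetical handler in which one arena models the record buffer and the heap beyond it, with a constructed secret placed just past the received record. The bounds test the real fix introduced (1 + 2 + payload + 16 must not exceed the record length) is applied only when `check` is set, so the same handler shows the bug and the fix.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the TLS heartbeat handler, written for this page; not
   OpenSSL's code. A HeartbeatRequest body is type(1) | payload_length(2) |
   payload | padding(>=16). The arena stands in for the heap around the record
   buffer: the record sits at its start and a constructed secret follows it. */
#define ARENA_SIZE 70000u   /* > 3 + 65535 + 16, so even the unchecked read stays inside the arena */
#define HB_REQUEST  1
#define HB_RESPONSE 2

static unsigned char arena[ARENA_SIZE];
static const char SECRET[] = "session-cookie=deadbeefcafef00d";   /* constructed sample */

/* Place a request in the arena that claims `claimed_len` payload bytes but only
   carries `real_len`; returns the record length that actually arrived. */
static size_t build_request(uint16_t claimed_len, const unsigned char *payload, size_t real_len)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, payload, real_len);
    memset(arena + 3 + real_len, 0xAA, 16);             /* minimum padding */
    size_t rec_len = 3 + real_len + 16;
    memcpy(arena + rec_len + 8, SECRET, sizeof SECRET); /* "heap" data just past the record */
    return rec_len;
}

/* Builds the HeartbeatResponse. check=0 trusts the peer's payload_length (the
   Heartbleed bug); check=1 applies the bounds test the fix added. */
static int heartbeat_reply(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t out_cap, int check)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (check && (size_t)1 + 2 + payload + 16 > rec_len)
        return -1;                                      /* silently discard, as the fix does */
    if ((size_t)1 + 2 + payload + 16 > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);                  /* unchecked: copies memory past the record */
    memset(out + 3 + payload, 0, 16);                   /* padding (random bytes in a real stack) */
    return (int)(3 + payload + 16);
}

/* 1 if the reply carries any bytes of SECRET, i.e. memory beyond the record leaked. */
static int reply_leaks_secret(const unsigned char *out, int out_len)
{
    size_t n = strlen(SECRET);
    if (out_len < 0) return 0;
    for (size_t i = 0; i + n <= (size_t)out_len; i++)
        if (memcmp(out + i, SECRET, n) == 0) return 1;
    return 0;
}

/* Sends a 4-byte payload that claims 4000 bytes; returns 1 if the handler leaks. */
int heartbleed_leaks(int check)
{
    static unsigned char reply[ARENA_SIZE];
    const unsigned char ping[] = "ping";
    size_t rec_len = build_request(4000, ping, 4);
    int n = heartbeat_reply(arena, rec_len, reply, sizeof reply, check);
    return reply_leaks_secret(reply, n);
}

int main(void)
{
    printf("unchecked handler leaks the secret: %d\n", heartbleed_leaks(0));
    printf("checked handler leaks the secret:   %d\n", heartbleed_leaks(1));
    return 0;
}
```

The arena is what makes the unchecked copy safe to run here; against a real process the same copy walks off the end of the record buffer into whatever the allocator placed next, which is why the reply can contain keys, cookies and other peers' plaintext. Note that the fix discards the record rather than answering with an error, so the peer learns nothing from a rejected request.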
Vulnerability in OpenSSL CVE-2014-0076
Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”. Found by Yuval Yarom and Naomi Benger...
Vulnerability in OpenSSL CVE-2013-4353
A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. Found by Anton Johansson...
Vulnerability in OpenSSL CVE-2013-6449
A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. Found by Ron Barber...
Vulnerability in OpenSSL CVE-2013-6450
A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. This is not a vulnerability for OpenSSL prior to 1.0.0. Found by Dmitry Sobinov...
Vulnerability in OpenSSL - OCSP invalid key DoS issue
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. Found by Stephen Henson...
Vulnerability in OpenSSL - TLS 1.1 and 1.2 AES-NI crash
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. Found by Adam Langley and Wolfgang Ettlinger...
Vulnerability in OpenSSL - SSL, TLS and DTLS Plaintext Recovery Attack
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS could lead to plaintext recovery by exploiting timing differences arising during MAC processing. Found by Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group, Royal Holloway, University of London...
Vulnerability in OpenSSL - Invalid TLS/DTLS record attack
An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled TLS 1.1, TLS 1.2, and DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious TLS 1.1, TLS 1.2, or DTLS client or...
Vulnerability in OpenSSL - ASN1 BIO incomplete fix
It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110. Found by Red Hat...
Vulnerability in OpenSSL - ASN1 BIO vulnerability
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause...
Vulnerability in OpenSSL - CMS and S/MIME Bleichenbacher attack
A weakness in the OpenSSL CMS and PKCS#7 code can be exploited using Bleichenbacher's attack on PKCS#1 v1.5 RSA padding, also known as the million message attack (MMA). Only users of CMS, PKCS#7, or S/MIME decryption operations are affected; SSL/TLS applications are not affected by this issue. Found...
Vulnerability in OpenSSL - DTLS DoS attack
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Found by Antonio Martin...
Vulnerability in OpenSSL - Invalid GOST parameters DoS Attack
A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Found by Andrey Kulikov...
Vulnerability in OpenSSL - Malformed RFC 3779 Data Can Cause Assertion Failures
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Builds of OpenSSL are only vulnerable if configured with “enable-rfc3779”, which is not a default. Found by Andrew Chi...
Vulnerability in OpenSSL - Double-free in Policy Checks
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected. Found by Ben Laurie...
Vulnerability in OpenSSL - Uninitialized SSL 3.0 Padding
OpenSSL failed to clear the bytes used as block cipher padding in SSL 3.0 records which could leak the contents of memory in some circumstances. Found by Adam Langley...
Vulnerability in OpenSSL - SGC Restart DoS Attack
Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Found by George Kadianakis...
Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack
OpenSSL was susceptible to an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...
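Both this DTLS entry and the SSL/TLS/DTLS plaintext recovery entry above (Lucky 13) rest on the same primitive: the receiver lets the attacker tell, through its error behaviour or its timing, whether the padding of a decrypted CBC record was well-formed. The following added example, written for this page and not OpenSSL's code, shows the mechanism end to end: a toy CBC record layer (a hypothetical 8-byte XOR-and-rotate "cipher", a one-byte toy MAC, and a constructed key, IV and plaintext) plus Vaudenay's byte-at-a-time recovery of the last plaintext block. With a receiver that reports bad padding and bad MAC differently the attacker recovers the block; with one that returns a single verdict for every failure, the attack returns garbage.

```c
#include <stdint.h>
#include <string.h>

/* Toy CBC record layer written for this page; not OpenSSL's code. The "block
   cipher" is an 8-byte keyed XOR plus byte rotation: worthless as a cipher,
   but the attack needs only CBC's structure and the receiver's verdicts. */
#define BLK 8
enum { REC_OK = 0, REC_BAD_PAD = 1, REC_BAD_MAC = 2 };
static void block_encrypt(const uint8_t *k, const uint8_t *in, uint8_t *out)
{ for (int i = 0; i < BLK; i++) out[(i + 3) % BLK] = in[i] ^ k[i]; }
static void block_decrypt(const uint8_t *k, const uint8_t *in, uint8_t *out)
{ for (int i = 0; i < BLK; i++) out[i] = in[(i + 3) % BLK] ^ k[i]; }
/* One-byte toy MAC standing in for HMAC; only its presence matters here. */
static uint8_t toy_mac(const uint8_t *k, const uint8_t *d, size_t n)
{ uint8_t m = k[0]; for (size_t i = 0; i < n; i++) m = (uint8_t)(m + d[i]); return m ^ k[7]; }

/* Sender: IV || CBC(data || mac || padding), TLS-style padding being the
   pad_len byte preceded by pad_len further copies of itself. */
static size_t encrypt_record(const uint8_t *k, const uint8_t *iv,
                             const uint8_t *data, size_t dlen, uint8_t *rec)
{
    uint8_t pt[64], x[BLK];
    memcpy(pt, data, dlen);
    pt[dlen] = toy_mac(k, data, dlen);
    size_t len = dlen + 1;
    uint8_t n = (uint8_t)((BLK - (len + 1) % BLK) % BLK);
    memset(pt + len, n, n + 1);
    len += n + 1;
    memcpy(rec, iv, BLK);
    for (size_t b = 0; b < len / BLK; b++) {
        for (int i = 0; i < BLK; i++) x[i] = pt[b * BLK + i] ^ rec[b * BLK + i];
        block_encrypt(k, x, rec + (b + 1) * BLK);
    }
    return len + BLK;
}

/* Receiver. leaky=1 reports bad padding and bad MAC differently (the oracle);
   leaky=0 gives one verdict for every failure, as the fixed code does. */
static int decrypt_record(const uint8_t *k, const uint8_t *rec, size_t len, int leaky)
{
    uint8_t pt[64];
    size_t plen = len - BLK;
    for (size_t b = 0; b < plen / BLK; b++) {
        block_decrypt(k, rec + (b + 1) * BLK, pt + b * BLK);
        for (int i = 0; i < BLK; i++) pt[b * BLK + i] ^= rec[b * BLK + i];
    }
    uint8_t n = pt[plen - 1];
    int pad_ok = (size_t)n + 1 <= plen;
    for (size_t i = 0; pad_ok && i < n; i++) if (pt[plen - 2 - i] != n) pad_ok = 0;
    if (!pad_ok) return leaky ? REC_BAD_PAD : REC_BAD_MAC;
    size_t body = plen - n - 1;                              /* data || mac */
    if (body < 1 || toy_mac(k, pt, body - 1) != pt[body - 1]) return REC_BAD_MAC;
    return REC_OK;
}

/* Vaudenay's attack on one block: learn D_k(cblk) byte by byte by forging the
   preceding block so the decrypted tail becomes valid padding of length 0..7;
   the plaintext is then D_k(cblk) XOR the genuine preceding block. */
static int recover_block(const uint8_t *k, const uint8_t *prev, const uint8_t *cblk,
                         int leaky, uint8_t *out)
{
    uint8_t inter[BLK] = {0}, msg[2 * BLK];
    for (int j = BLK - 1; j >= 0; j--) {
        uint8_t n = (uint8_t)(BLK - 1 - j);
        int found = 0;
        for (int g = 0; g < 256 && !found; g++) {
            memset(msg, 0, BLK);
            for (int t = j + 1; t < BLK; t++) msg[t] = inter[t] ^ n;  /* tail decrypts to n */
            msg[j] = (uint8_t)g;
            memcpy(msg + BLK, cblk, BLK);
            if (decrypt_record(k, msg, sizeof msg, leaky) == REC_BAD_PAD) continue;
            if (j == BLK - 1) {        /* rule out a longer padding that is valid by chance */
                msg[j - 1] ^= 0xFF;
                if (decrypt_record(k, msg, sizeof msg, leaky) == REC_BAD_PAD) continue;
            }
            inter[j] = (uint8_t)g ^ n;
            found = 1;
        }
        if (!found) return 0;
    }
    for (int i = 0; i < BLK; i++) out[i] = inter[i] ^ prev[i];
    return 1;
}

/* Encrypts a constructed record and attacks its last block. Returns 1 if the
   attacker recovers that block ("rld!", the MAC byte, padding 2 2 2) exactly. */
int padding_oracle_recovers(int leaky)
{
    const uint8_t k[BLK]  = {0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87}; /* constructed */
    const uint8_t iv[BLK] = {0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78};
    const uint8_t data[] = "hello world!";                                    /* 12 bytes */
    uint8_t rec[3 * BLK], got[BLK], want[BLK];
    size_t len = encrypt_record(k, iv, data, 12, rec);
    memcpy(want, data + 8, 4); want[4] = toy_mac(k, data, 12); want[5] = want[6] = want[7] = 2;
    if (!recover_block(k, rec + len - 2 * BLK, rec + len - BLK, leaky, got)) return 0;
    return memcmp(got, want, BLK) == 0;
}
/* Exit status 0 when the leaky receiver is broken and the uniform one is not. */
int main(void) { return !(padding_oracle_recovers(1) && !padding_oracle_recovers(0)); }
```

The attack needs at most 256 queries per byte and never touches the key, which is why it is "efficient" in the entry's sense. Returning one verdict (TLS's bad_record_mac) for both failures is necessary but, as Lucky 13 showed, not sufficient: the time taken to reach that verdict must not depend on the padding either, and this toy, which skips the MAC work entirely on bad padding, would still leak through timing just as the entries above describe.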
Vulnerability in OpenSSL CVE-2011-3210
OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. Only server-side applications that specifically support ephemeral ECDH ciphersuites are affected, and only if...
Vulnerability in OpenSSL CVE-2011-3207
Under certain circumstances OpenSSL’s internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. Applications are only affected by the CRL checking vulnerability if they enable OpenSSL’s internal CRL checking which is off by default. Application...
Vulnerability in OpenSSL CVE-2011-0014
A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server using the affected OpenSSL functionality. Found by Neel Mehta...
Vulnerability in OpenSSL CVE-2010-4180
A flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. This issue only affects OpenSSL based SSL/TLS server if it uses...
Vulnerability in OpenSSL CVE-2010-4252
An error in OpenSSL's experimental J-PAKE implementation could lead to successful validation by someone with no knowledge of the shared secret. The OpenSSL Team still considers the implementation of J-PAKE to be experimental; it is not compiled by default. Found by Sebastian Martini...
Vulnerability in OpenSSL CVE-2010-3864
A flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL’s internal caching mechanism. Servers that are multi-process and/or disable internal...
Vulnerability in OpenSSL CVE-2010-1633
An invalid return value check in pkey_rsa_verifyrecover was discovered. When verification recovery fails for RSA keys, an uninitialised buffer with an undefined length is returned instead of an error code. This could lead to an information leak. Found by Peter-Michael Hager...
Vulnerability in OpenSSL CVE-2010-0742
A flaw in the handling of CMS structures containing OriginatorInfo was found which could lead to a write to invalid memory address or double free. CMS support is disabled by default in OpenSSL 0.9.8 versions. Found by Ronald Moesbergen...
Vulnerability in OpenSSL CVE-2010-0740
In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. Found by Bodo Moeller and Adam Langley (Google)...
Vulnerability in OpenSSL CVE-2009-3245
It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. Found by Martin Olsson, Neel...
Vulnerability in OpenSSL CVE-2010-0433
A missing return value check flaw was discovered in OpenSSL, that could possibly cause OpenSSL to call a Kerberos library function with invalid arguments, resulting in a NULL pointer dereference crash in the MIT Kerberos library. In certain configurations, a remote attacker could use this flaw to...
Vulnerability in OpenSSL CVE-2009-4355
A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. Found by Michael K Johnson and Andy Grimm (rPath)...
Vulnerability in OpenSSL CVE-2009-3555
Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation...
Vulnerability in OpenSSL CVE-2009-1386
Fix a NULL pointer dereference if a DTLS server received ChangeCipherSpec as first record. A remote attacker could use this flaw to cause a DTLS server to crash. Found by Alex Lam...
Vulnerability in OpenSSL CVE-2009-1377
Fix a denial of service flaw in the DTLS implementation. Records are buffered if they arrive with a future epoch, to be processed after finishing the corresponding handshake. There is currently no limit on this buffer, allowing an attacker to perform a DoS attack on a DTLS server by sending...
Vulnerability in OpenSSL CVE-2009-1378
Fix a denial of service flaw in the DTLS implementation. In dtls1_process_out_of_seq_message the check whether the current message is already buffered was missing. Memory was allocated for every new message, allowing an attacker to perform a denial of service attack against a DTLS server by sending out of...
Vulnerability in OpenSSL CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function could cause a client accessing a malicious DTLS server to crash. Found by Daniel Mentz, Robin Seggelmann...
Vulnerability in OpenSSL CVE-2009-0590
The function ASN1_STRING_print_ex, when used to print a BMPString or UniversalString, will crash with an invalid memory access if the encoded length of the string is illegal. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers,...
Vulnerability in OpenSSL CVE-2009-0789
When a malformed ASN1 structure is received, its contents are freed up and zeroed and an error condition returned. On a small number of platforms where sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid memory access later, resulting in a crash when some invalid structures are read,...
Vulnerability in OpenSSL CVE-2009-0591
The function CMS_verify does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. Found by Ivan Nestlerode (IBM)...
Vulnerability in OpenSSL CVE-2009-1387
Fix a denial of service flaw in the DTLS implementation. A remote attacker could use this flaw to cause a DTLS server to crash. Found by Robin Seggelmann...