Openssl Security Vulnerabilities and Issues — Openssl CVE List

Lucene search

OpensslOpenssl

4 matches found

CVE•added 2003/11/17 5:0 a.m.•80 views

CVE-2002-1568

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY message...

5CVSS7.5AI score0.00882EPSS

CVE•added 2003/11/17 5:0 a.m.•77 views

CVE-2003-0543

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

5CVSS9.2AI score0.33105EPSS

CVE•added 2003/11/17 5:0 a.m.•77 views

CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

10CVSS9.6AI score0.71739EPSS

CVE•added 2003/11/17 5:0 a.m.•64 views

CVE-2003-0544

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

5CVSS9.1AI score0.20083EPSS