Lucene search

9 matches found

CVE
added 2014/08/13 11:55 p.m. | 136 views

CVE-2014-3505

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.

CVSS: 5 | AI score: 5.6 | EPSS: 0.40629
CVE
added 2014/08/13 11:55 p.m. | 136 views

CVE-2014-3506

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.

CVSS: 5 | AI score: 5.6 | EPSS: 0.45521
CVE
added 2014/08/13 11:55 p.m. | 123 views

CVE-2014-3512

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

CVSS: 7.5 | AI score: 4.9 | EPSS: 0.66927
CVE
added 2014/08/13 11:55 p.m. | 120 views

CVE-2014-3511

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol d...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.06952
CVE
added 2014/08/13 11:55 p.m. | 118 views

CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process st...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01795
CVE
added 2014/08/13 11:55 p.m. | 114 views

CVE-2014-3510

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.17087
CVE
added 2014/08/13 11:55 p.m. | 110 views

CVE-2014-3507

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain ...

CVSS: 5 | AI score: 5.5 | EPSS: 0.73248
CVE
added 2014/08/13 11:55 p.m. | 104 views

CVE-2014-3509

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly hav...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.12339
CVE
added 2014/08/13 11:55 p.m. | 86 views

CVE-2014-5139

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersu...

CVSS: 4.3 | AI score: 3.7 | EPSS: 0.15405