Lucene search

K
OpensslOpenssl

39 matches found

CVE
CVE
added 2012/01/06 1:55 a.m.13034 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

4.3CVSS7.2AI score0.01154EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.12801 views

CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certifi...

4.3CVSS7.4AI score0.91996EPSS
CVE
CVE
added 2015/05/21 12:59 a.m.1130 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.94027EPSS
CVE
CVE
added 2014/10/15 12:55 a.m.836 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.94196EPSS
CVE
CVE
added 2023/02/24 3:15 p.m.639 views

CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verif...

4.9CVSS6.9AI score0.00404EPSS
CVE
CVE
added 2018/11/15 9:29 p.m.586 views

CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

4.7CVSS5.6AI score0.00674EPSS
CVE
CVE
added 2025/01/20 2:15 p.m.502 views

CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would requ...

4.1CVSS4.1AI score0.00071EPSS
CVE
CVE
added 2015/01/09 2:59 a.m.494 views

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related...

4.3CVSS6.5AI score0.92473EPSS
CVE
CVE
added 2019/09/10 5:15 p.m.424 views

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have ...

4.7CVSS5.6AI score0.0016EPSS
CVE
CVE
added 2024/10/16 5:15 p.m.370 views

CVE-2024-9143

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrustedexplicit values for the field polynomial can lead to out-of-bounds memory readsor writes. Impact summary: Out of bound memory writes can lead to an application crash oreven a possibility of a remote code execution, howeve...

4.3CVSS4.9AI score0.00652EPSS
CVE
CVE
added 2020/09/09 2:15 p.m.369 views

CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted com...

4.3CVSS4.1AI score0.0072EPSS
CVE
CVE
added 2019/09/10 5:15 p.m.364 views

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted wi...

4.3CVSS5.5AI score0.01423EPSS
CVE
CVE
added 2021/02/16 5:15 p.m.223 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than...

4.3CVSS5.5AI score0.00261EPSS
CVE
CVE
added 2015/06/12 7:59 p.m.194 views

CVE-2015-1788

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a d...

4.3CVSS6AI score0.20416EPSS
CVE
CVE
added 2006/09/05 5:4 p.m.173 views

CVE-2006-4339

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X....

4.3CVSS7.1AI score0.07729EPSS
CVE
CVE
added 2014/04/14 10:38 p.m.158 views

CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...

4CVSS7AI score0.14635EPSS
CVE
CVE
added 2014/01/09 1:55 a.m.156 views

CVE-2013-4353

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

4.3CVSS7.1AI score0.42181EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.146 views

CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

4.3CVSS6.8AI score0.83021EPSS
CVE
CVE
added 2014/05/06 10:44 a.m.142 views

CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via v...

4.3CVSS7.4AI score0.32978EPSS
CVE
CVE
added 2015/12/06 8:59 p.m.136 views

CVE-2015-3196

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted Ser...

4.3CVSS6.2AI score0.05012EPSS
CVE
CVE
added 2015/07/07 10:59 a.m.132 views

CVE-2015-3216

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establ...

4.3CVSS7.2AI score0.01171EPSS
CVE
CVE
added 2014/10/19 1:55 a.m.129 views

CVE-2014-3568

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

4.3CVSS4.5AI score0.04497EPSS
CVE
CVE
added 2013/12/23 10:55 p.m.128 views

CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

4.3CVSS7.2AI score0.59591EPSS
CVE
CVE
added 2014/08/13 11:55 p.m.117 views

CVE-2014-3511

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol d...

4.3CVSS5.5AI score0.077EPSS
CVE
CVE
added 2010/12/06 9:5 p.m.116 views

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing networ...

4.3CVSS6.6AI score0.0599EPSS
CVE
CVE
added 2014/08/13 11:55 p.m.115 views

CVE-2014-3508

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process st...

4.3CVSS5.5AI score0.02771EPSS
CVE
CVE
added 2014/08/13 11:55 p.m.111 views

CVE-2014-3510

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a...

4.3CVSS5.5AI score0.20707EPSS
CVE
CVE
added 2015/03/19 10:59 p.m.104 views

CVE-2015-0285

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force a...

4.3CVSS5.8AI score0.06118EPSS
CVE
CVE
added 2012/01/06 1:55 a.m.101 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

4.3CVSS8AI score0.01693EPSS
CVE
CVE
added 2010/03/05 7:30 p.m.99 views

CVE-2010-0433

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via...

4.3CVSS7.1AI score0.11189EPSS
CVE
CVE
added 2006/09/28 6:7 p.m.97 views

CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

4.3CVSS8.3AI score0.09157EPSS
CVE
CVE
added 2015/03/19 10:59 p.m.97 views

CVE-2015-0208

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the ...

4.3CVSS5.6AI score0.2376EPSS
CVE
CVE
added 2010/08/17 8:0 p.m.89 views

CVE-2010-2939

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craf...

4.3CVSS7.6AI score0.10272EPSS
CVE
CVE
added 2010/12/06 10:30 p.m.83 views

CVE-2008-7270

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier,...

4.3CVSS8.1AI score0.0599EPSS
CVE
CVE
added 2014/08/13 11:55 p.m.83 views

CVE-2014-5139

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersu...

4.3CVSS3.7AI score0.21313EPSS
CVE
CVE
added 2008/05/29 4:32 p.m.78 views

CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

4.3CVSS8.1AI score0.12826EPSS
CVE
CVE
added 2008/05/29 4:32 p.m.67 views

CVE-2008-1672

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

4.3CVSS8.1AI score0.21264EPSS
CVE
CVE
added 2010/03/05 7:30 p.m.61 views

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to dete...

4CVSS9.1AI score0.00098EPSS
CVE
CVE
added 2012/06/20 5:55 p.m.51 views

CVE-2011-5095

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

4CVSS6.2AI score0.00436EPSS