Lucene search

16 matches found

CVE | added 2012/01/06 1:55 a.m. | 13034 views

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVSS 4.3 | AI score 7.2 | EPSS 0.01697

CVE | added 2012/01/06 1:55 a.m. | 12936 views

CVE-2011-4109

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

CVSS 9.3 | AI score 8.2 | EPSS 0.08572

CVE | added 2012/01/06 1:55 a.m. | 12635 views

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS 5 | AI score 7.9 | EPSS 0.07022

CVE | added 2012/01/19 7:55 p.m. | 12281 views

CVE-2012-0050

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

CVSS 5 | AI score 8.1 | EPSS 0.01697

CVE | added 2012/01/06 1:55 a.m. | 6700 views

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVSS 5 | AI score 8 | EPSS 0.01427

CVE | added 2012/06/16 9:55 p.m. | 370 views

CVE-2011-1473

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a d...

CVSS 5 | AI score 6.3 | EPSS 0.89855

CVE | added 2012/04/19 5:55 p.m. | 185 views

CVE-2012-2110

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly h...

CVSS 7.5 | AI score 8.1 | EPSS 0.05888

CVE | added 2012/03/13 3:12 a.m. | 129 views

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 8 | EPSS 0.03127

CVE | added 2012/04/24 8:55 p.m. | 110 views

CVE-2012-2131

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an ...

CVSS 7.5 | AI score 9.8 | EPSS 0.05888

CVE | added 2012/05/14 10:55 p.m. | 108 views

CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...

CVSS 6.8 | AI score 8.7 | EPSS 0.03211

CVE | added 2012/01/06 1:55 a.m. | 101 views

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

CVSS 4.3 | AI score 8 | EPSS 0.02057

CVE | added 2012/03/15 5:55 p.m. | 100 views

CVE-2012-1165

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

CVSS 5 | AI score 8 | EPSS 0.07756

CVE | added 2012/01/06 1:55 a.m. | 79 views

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

CVSS 5 | AI score 6.2 | EPSS 0.01012

CVE | added 2012/02/29 11:55 a.m. | 75 views

CVE-2006-7250

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

CVSS 5 | AI score 6.1 | EPSS 0.02501

CVE | added 2012/01/27 12:55 a.m. | 72 views

CVE-2011-4354

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remo...

CVSS 5.8 | AI score 6.3 | EPSS 0.00358

CVE | added 2012/06/20 5:55 p.m. | 51 views

CVE-2011-5095

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

CVSS 4 | AI score 6.2 | EPSS 0.00408