2 matches found
CVE-2016-0799
CVE-2016-0799 affects OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g. The fmtstr function in crypto/bio/b_print.c miscalculates string lengths, enabling remote attackers to trigger a denial of service (overflow and out-of-bounds read) via a long ASN.1 string. Connected documents corroborate OpenSS...
CVE-2016-0800
CVE-2016-0800 describes a cross-protocol attack (DROWN) where an OpenSSL server that supports SSLv2 and EXPORT-grade cipher suites can be used as a Bleichenbacher padding oracle to decrypt TLS traffic. The issue arises from the server verifying certain plaintext RSA data before completing TLS, en...