Lucene search
K
RedhatOpenssl

9 matches found

CVE
CVE
added 2012/04/19 5:0 p.m.218 views

CVE-2012-2110

OpenSSL CVE-2012-2110 is a buffer overflow in asn1_d2i_read_bio (DER parsing) that can cause memory corruption or DoS via crafted DER data (e.g., X.509 certs or RSA keys). Affected releases include OpenSSL 0.9.8v, 0.9.8.x prior to 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a. Public advis...

7.5CVSS8.1AI score0.48298EPSS
CVE
CVE
added 2012/05/14 10:0 p.m.151 views

CVE-2012-2333

CVE-2012-2333: OpenSSL contains an integer underflow in CBC mode when TLS 1.1/1.2 or DTLS is used, enabling a remote DoS or buffer over-read. Affected versions are OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c. The issue arises from incorrect explicit IV calculation and can ...

6.8CVSS8.7AI score0.28154EPSS
CVE
CVE
added 2013/02/08 7:0 p.m.151 views

CVE-2013-0166

OpenSSL OCSP signature verification flaw (CVE-2013-0166): OpenSSL versions affected include 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d. An invalid key in OCSP responses can cause a NULL pointer dereference and remote DoS (application crash). Affected products/versions are confirmed in m...

5CVSS6.4AI score0.1965EPSS
CVE
CVE
added 2009/06/04 4:0 p.m.140 views

CVE-2009-1387

CVE-2009-1387 affects the OpenSSL DTLS implementation. The vulnerability resides in the function dtls1_retrieve_buffered_fragment (ssl/d1_both.c) in OpenSSL before 1.0.0 Beta 2, where an out-of-sequence DTLS handshake message can trigger a NULL pointer dereference and daemon crash, i.e., a denial...

5CVSS6.4AI score0.10254EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.133 views

CVE-2004-0079

The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...

7.5CVSS7.1AI score0.09537EPSS
CVE
CVE
added 2010/01/14 7:0 p.m.126 views

CVE-2009-4355

CVE-2009-4355 describes a memory leak in OpenSSL’s zlib_stateful_finish (crypto/comp/c_zlib.c) affecting OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4. It enables a remote denial of service via vectors that trigger incorrect calls to CRYPTO_cleanup_all_ex_data, as demonstrated by SSLv3...

5CVSS6.5AI score0.08941EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.121 views

CVE-2004-0081

CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...

5CVSS7.2AI score0.07229EPSS
CVE
CVE
added 2009/06/04 4:0 p.m.117 views

CVE-2009-1386

CVE-2009-1386 affects OpenSSL’s DTLS implementation: ssl/s3_pkt.c in OpenSSL versions before 0.9.8i allows a remote attacker to cause a denial of service via a ChangeCipherSpec datagram sent before ClientHello, causing a NULL pointer dereference and daemon crash. Public details place the vulnerab...

5CVSS5.9AI score0.80134EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.109 views

CVE-2004-0112

The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...

5CVSS7.2AI score0.10424EPSS