Lucene search

Veracode Vulnerability DatabaseVERACODE:12251

HistoryJan 15, 2019 - 9:14 a.m.

Denial Of Service (DoS)

2019-01-1509:14:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

OpenSSL is vulnerable to Denial Of Service (DoS). A malicious user can send multiple large OCSP Status Request extension to the server. causing it to run out of memory and crash.

CPENameOperatorVersion
openssleq1.0.1e__42.el6
openssleq1.0.1e__16.el6_5.4
openssleq1.0.0__4.el6_0.2
openssleq1.0.0__10.el6
openssleq1.0.1e__16.el6_5.14
openssleq1.0.0__20.el6_2.3
openssleq1.0.0__27.el6_4.2
openssleq1.0.1e__42.el6_7.1
openssleq1.0.1e__16.el6_5.1
openssleq1.0.0__20.el6_2.2

Name	Operator	Version
openssl	eq	1.0.1e__42.el6
openssl	eq	1.0.1e__16.el6_5.4
openssl	eq	1.0.0__4.el6_0.2
openssl	eq	1.0.0__10.el6
openssl	eq	1.0.1e__16.el6_5.14
openssl	eq	1.0.0__20.el6_2.3
openssl	eq	1.0.0__27.el6_4.2
openssl	eq	1.0.1e__42.el6_7.1
openssl	eq	1.0.1e__16.el6_5.1
openssl	eq	1.0.0__20.el6_2.2

Rows per page:

1-10 of 2561

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html

rhn.redhat.com/errata/RHSA-2016-1940.html

rhn.redhat.com/errata/RHSA-2016-2802.html

rhn.redhat.com/errata/RHSA-2017-1415.html

rhn.redhat.com/errata/RHSA-2017-1659.html

seclists.org/fulldisclosure/2016/Dec/47

seclists.org/fulldisclosure/2016/Oct/62

seclists.org/fulldisclosure/2017/Jul/31

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/93150

www.securitytracker.com/id/1036878

www.securitytracker.com/id/1037640

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

access.redhat.com/errata/RHSA-2017:1413

access.redhat.com/errata/RHSA-2017:1414

access.redhat.com/errata/RHSA-2017:1658

access.redhat.com/errata/RHSA-2017:1801

access.redhat.com/errata/RHSA-2017:1802

access.redhat.com/errata/RHSA-2017:2493

access.redhat.com/errata/RHSA-2017:2494

access.redhat.com/security/updates/classification/#important

bto.bluecoat.com/security-advisory/sa132

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10171

kc.mcafee.com/corporate/index?page=content&id=SB10215

nodejs.org/en/blog/vulnerability/september-2016-security-releases/

rhn.redhat.com/errata/RHSA-2016-2802.html

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

security.gentoo.org/glsa/201612-16

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.openssl.org/news/secadv/20160922.txt

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Denial Of Service (DoS)

References

Related