Lucene search

Veracode Vulnerability DatabaseVERACODE:13057

HistoryJan 15, 2019 - 9:25 a.m.

Denial Of Service (DoS)

2019-01-1509:25:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a malicious DSA private key to the system, causing a double-free in the system that can lead to the application to crash.

CPENameOperatorVersion
java-1.8.0-ibmeq1.8.0.4.1__1jpp.1.el6_8
openssleq1.0.0__20.el6_2.4
openssleq1.0.0__4.el6_0.2
openssleq1.0.1e__16.el6_5.4
openssleq1.0.0__20.el6_2.5
openssleq1.0.0__20.el6
openssleq1.0.0__10.el6
openssleq1.0.1e__30.el6_6.5
openssleq1.0.1e__16.el6_5.14
openssleq1.0.0__20.el6_2.3

Name	Operator	Version
java-1.8.0-ibm	eq	1.8.0.4.1__1jpp.1.el6_8
openssl	eq	1.0.0__20.el6_2.4
openssl	eq	1.0.0__4.el6_0.2
openssl	eq	1.0.1e__16.el6_5.4
openssl	eq	1.0.0__20.el6_2.5
openssl	eq	1.0.0__20.el6
openssl	eq	1.0.0__10.el6
openssl	eq	1.0.1e__30.el6_6.5
openssl	eq	1.0.1e__16.el6_5.14
openssl	eq	1.0.0__20.el6_2.3

Rows per page:

1-10 of 621

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html

lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

marc.info/?l=bugtraq&m=145889460330120&w=2

marc.info/?l=bugtraq&m=145983526810210&w=2

marc.info/?l=bugtraq&m=146108058503441&w=2

openssl.org/news/secadv/20160301.txt

rhn.redhat.com/errata/RHSA-2016-2957.html

source.android.com/security/bulletin/2016-05-01.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

www.debian.org/security/2016/dsa-3500

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/83754

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035133

www.ubuntu.com/usn/USN-2914-1

access.redhat.com/errata/RHSA-2018:2568

access.redhat.com/errata/RHSA-2018:2575

access.redhat.com/errata/RHSA-2018:2713

access.redhat.com/security/updates/classification/#moderate

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git;a=commit;h=6c88c71b4e4825c7bc0489306d062d017634eb88

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

security.gentoo.org/glsa/201603-15

www.openssl.org/news/secadv/20160301.txt

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Denial Of Service (DoS)

References

Related