Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24138

HistoryApr 10, 2020 - 12:47 a.m.

Denial Of Service (DoS)

2020-04-1000:47:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

OpenSSL is vulnerable to denial of service. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service.

CPENameOperatorVersion
openssleq0.9.8b__10.el5
openssleq0.9.8b__8.3.el5
openssleq0.9.8b__10.el5_2.1
openssleq0.9.8b__8.3.el5_0.2
openssleq0.9.8e__7.el5
openssleq0.9.8b__10.el5
openssleq0.9.8b__8.3.el5
openssleq0.9.8b__10.el5_2.1
openssleq0.9.8b__8.3.el5_0.2
openssleq0.9.8e__7.el5

References

cvs.openssl.org/chngview?cn=19068

cvs.openssl.org/chngview?cn=19069

cvs.openssl.org/chngview?cn=19167

lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

marc.info/?l=bugtraq&m=127128920008563&w=2

secunia.com/advisories/38175

secunia.com/advisories/38181

secunia.com/advisories/38200

secunia.com/advisories/38761

secunia.com/advisories/39461

secunia.com/advisories/42724

secunia.com/advisories/42733

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

wiki.rpath.com/wiki/Advisories:rPSA-2010-0004

www.debian.org/security/2010/dsa-1970

www.mandriva.com/security/advisories?name=MDVSA-2010:022

www.openwall.com/lists/oss-security/2010/01/13/3

www.redhat.com/security/updates/classification/#moderate

www.ubuntu.com/usn/USN-884-1

www.vupen.com/english/advisories/2010/0124

www.vupen.com/english/advisories/2010/0839

www.vupen.com/english/advisories/2010/0916

access.redhat.com/errata/RHSA-2010:0054

bugzilla.redhat.com/show_bug.cgi?id=546707

issues.rpath.com/browse/RPL-3157

kb.bluecoat.com/index?page=content&id=SA50

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678

rhn.redhat.com/errata/RHSA-2010-0095.html

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:24138

nessus25 openvas33 debian2 securityvulns2 osv1 openssl1 ubuntu1 oraclelinux4 debiancve1 prion1 cve1 f52 redhat2 centos1 ubuntucve1 fedora6 altlinux4 gentoo1 suse1 vmware2 lenovo2