Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24610

HistoryApr 10, 2020 - 12:59 a.m.

Denial Of Service (DoS)

2020-04-1000:59:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

openssl is vulnerable to denial of service (DoS). The vulnerability exists as a buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server using the affected OpenSSL functionality.

CPENameOperatorVersion
openssleq1.0.0__4.el6
openssleq1.0.0__4.el6_0.2
openssleq1.0.0__4.el6_0.1
openssleq1.0.0__4.el6
openssleq1.0.0__4.el6_0.2
openssleq1.0.0__4.el6_0.1

References

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=130497251507577&w=2

marc.info/?l=bugtraq&m=131042179515633&w=2

osvdb.org/70847

secunia.com/advisories/43227

secunia.com/advisories/43286

secunia.com/advisories/43301

secunia.com/advisories/43339

secunia.com/advisories/44269

secunia.com/advisories/57353

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823

support.apple.com/kb/HT4723

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.debian.org/security/2011/dsa-2162

www.mandriva.com/security/advisories?name=MDVSA-2011:028

www.openssl.org/news/secadv_20110208.txt

www.redhat.com/support/errata/RHSA-2011-0677.html

www.securityfocus.com/bid/46264

www.securitytracker.com/id?1025050

www.ubuntu.com/usn/USN-1064-1

www.vupen.com/english/advisories/2011/0361

www.vupen.com/english/advisories/2011/0387

www.vupen.com/english/advisories/2011/0389

www.vupen.com/english/advisories/2011/0395

www.vupen.com/english/advisories/2011/0399

www.vupen.com/english/advisories/2011/0603

access.redhat.com/errata/RHSA-2011:0677

access.redhat.com/security/updates/classification/#moderate

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:24610

nessus24 fedora6 openvas30 cve1 slackware1 altlinux5 debiancve1 prion1 f51 securityvulns6 redhat1 ubuntu1 debian2 openssl1 ubuntucve1 oraclelinux6 ibm8 gentoo1 vmware2