Lucene search

Veracode Vulnerability DatabaseVERACODE:3433

HistoryFeb 03, 2017 - 8:16 a.m.

Denial Of Service (DoS)

2017-02-0308:16:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can cause a memory leak by seeking to connect to the system with an invalid username. By opening multiple invalid connections this way, the malicious user can cause the system to run out of memory.

CPENameOperatorVersion
openssleq1.0.1.h
opensslle1.0.111
opensslle1.0.1h
opensslle1.0.206
openssl-staticle1.0.1.c1
openssl-osxle1.0.206
openssleq1.0.1.h
opensslle1.0.111
opensslle1.0.1h
opensslle1.0.206

Name	Operator	Version
openssl	eq	1.0.1.h
openssl	le	1.0.111
openssl	le	1.0.1h
openssl	le	1.0.206
openssl-static	le	1.0.1.c1
openssl-osx	le	1.0.206
openssl	eq	1.0.1.h
openssl	le	1.0.111
openssl	le	1.0.1h
openssl	le	1.0.206

Rows per page:

1-10 of 121

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

openssl.org/news/secadv/20160301.txt

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

www.debian.org/security/2016/dsa-3500

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/83705

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035133

www.ubuntu.com/usn/USN-2914-1

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21

git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21

github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.207/OpenSSL.podspec#L14

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

security.gentoo.org/glsa/201603-15

www.openssl.org/news/secadv/20160301.txt

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Denial Of Service (DoS)

References

Related