Veracode Vulnerability DatabaseVERACODE:3540

HistoryFeb 10, 2017 - 12:54 a.m.

Denial Of Service (DoS)

2017-02-1000:54:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because the GOST ENGINE doesn’t correctly handle invalid parameters for the GOST block cipher.

CPENameOperatorVersion
openssleq1.0.0

CPE	Name	Operator	Version
	openssl	eq	1.0.0

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

osvdb.org/78191

secunia.com/advisories/57353

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.mandriva.com/security/advisories?name=MDVSA-2012:007

www.openssl.org/news/secadv_20120104.txt

www.openssl.org/news/secadv/20120104.txt

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:3540