Veracode Vulnerability DatabaseVERACODE:6780Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
openssl is vulnerable to denial of service (DoS) attacks. A malicious user can pass a large prime number during a TLS handshake that can cause the client to take a long time generating a key for this, leading to the client hanging and possibly crashing.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl | le | 1.0.210 | |
| openssl-static | le | 1.0.2.c1 | |
| openssl-osx | le | 1.0.211 | |
| openssl | le | 1.0.210 | |
| openssl-static | le | 1.0.2.c1 | |
| openssl-osx | le | 1.0.211 |
References
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.securityfocus.com/bid/104442
www.securitytracker.com/id/1041090
access.redhat.com/errata/RHSA-2018:2552
access.redhat.com/errata/RHSA-2018:2553
access.redhat.com/errata/RHSA-2018:3221
access.redhat.com/errata/RHSA-2018:3505
access.redhat.com/errata/RHSA-2019:1296
access.redhat.com/errata/RHSA-2019:1297
access.redhat.com/errata/RHSA-2019:1543
cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
lists.debian.org/debian-lts-announce/2018/07/msg00043.html
lists.fedoraproject.org/archives/list/[email protected]/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
lists.fedoraproject.org/archives/list/[email protected]/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
lists.fedoraproject.org/archives/list/[email protected]/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
nodejs.org/en/blog/vulnerability/august-2018-security-releases/
security.gentoo.org/glsa/201811-03
security.netapp.com/advisory/ntap-20181105-0001/
security.netapp.com/advisory/ntap-20190118-0002/
securityadvisories.paloaltonetworks.com/Home/Detail/133
usn.ubuntu.com/3692-1/
usn.ubuntu.com/3692-2/
www.debian.org/security/2018/dsa-4348
www.debian.org/security/2018/dsa-4355
www.openssl.org/news/secadv/20180612.txt
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
www.tenable.com/security/tns-2018-12
www.tenable.com/security/tns-2018-13
www.tenable.com/security/tns-2018-14
www.tenable.com/security/tns-2018-17
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P