Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-3735 |
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Published: August 28, 2017; 3:29:01 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Published: October 14, 2014; 8:55:02 PM -0400 |
V3.1: 3.4 LOW V2.0: 4.3 MEDIUM |
CVE-2014-3510 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. Published: August 13, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3508 |
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. Published: August 13, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3507 |
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. Published: August 13, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3506 |
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. Published: August 13, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3505 |
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. Published: August 13, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0076 |
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. Published: March 25, 2014; 9:25:21 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-0166 |
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. Published: February 08, 2013; 2:55:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1473 |
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment Published: June 16, 2012; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2333 |
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Published: May 14, 2012; 6:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-2110 |
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. Published: April 19, 2012; 1:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-1165 |
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. Published: March 15, 2012; 1:55:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-7250 |
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. Published: February 29, 2012; 6:55:04 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |