Page 10 of 138 results (0.019 seconds)

CVSS: 4.3EPSS: 1%CPEs: 59EXPL: 0

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a servidores DTLS remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación del cliente) a través de un mensaje de negociación manipulado en conjunto con un suite de cifrado (1) anónimo DH o (2) anónimo ECDH. A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc http://linux.oracle.com/errata/ELSA-2014-1052.html http://linux.oracle.com/errata/ELSA-2014-1053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http:/& • CWE-476: NULL Pointer Dereference •

CVSS: 6.8EPSS: 2%CPEs: 31EXPL: 0

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. Condición de carrera en la función ssl_parse_serverhello_tlsext en t1_lib.c en OpenSSL 1.0.0 anterior a 1.0.0n y 1.0.1 anterior a 1.0.1i, cuando multihilos y la redención de la sesión están utilizados, permite a servidores SSL remotos causar una denegación de servicio (sobrescritura de memoria y caída de la aplicación del cliente) o posiblemente tener otro impacto no especificado mediante el envió de datos Elliptic Curve (EC) Supported Point Formats Extension. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc http://linux.oracle.com/errata/ELSA-2014-1052.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html http://marc.info/?l=bugtraq&m=142350350616251&w=2 http://marc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. La función ssl23_get_client_hello en s23_srvr.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a atacantes man-in-the-middle forzar el uso de TLS 1.0 mediante la provocación de la fragmentación de mensajes ClientHello comunicaciones entre un cliente y el servidor que ambos soportan versiones TLS posteriores, relacionado con un problema de 'degradación de protocolo'. A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc http://linux.oracle.com/errata/ELSA-2014-1052.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html http://marc.info/?l=bugtraq&m=142350350616251&w=2 http://marc • CWE-390: Detection of Error Condition Without Action •

CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de cliente) mediante la provocación de un valor de certificado nulo. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 3

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el procesamiento de mensajes ChangeCipherSpec, lo que permite a atacantes man-in-the-middle provocar el uso de una clave maestra de longitud cero en ciertas comunicaciones OpenSSL-a-OpenSSL, y como consecuencia secuestrar sesiones u obtener información sensible, a través de una negociación TLS manipulada, también conocido como la vulnerabilidad de 'inyección CCS'. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. • https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/ • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •