Page 10 of 95 results (0.025 seconds)

CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0

CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH

https://notcve.org/view.php?id=CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de cliente) mediante la provocación de un valor de certificado nulo. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 96%CPEs: 8EXPL: 1

CVE-2014-0195 – OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-0195

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. La función dtls1_reassemble_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no valida debidamente longitudes de fragmentos en mensajes DTLS ClientHello, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer y caída de aplicación) a través de un fragmento no inicial largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. • https://github.com/ricedu/CVE-2014-0195 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.3EPSS: 2%CPEs: 8EXPL: 0

CVE-2010-5298 – openssl: freelist misuse causing a possible use-after-free

https://notcve.org/view.php?id=CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar una denegación de servicio (error de uso después de liberación y análisis sintáctico) a través de una conexión SSL en un entorno con múltiples hilos. • http://advisories.mageia.org/MGASA-2014-0187.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http:/& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0

CVE-2014-0076

https://notcve.org/view.php?id=CVE-2014-0076

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. La implementación de la escala Montgomery en OpenSSL hasta la versión 1.0.0l no asegura que ciertas operaciones de intercambio tengan un comportamiento constante en el tiempo, lo que facilita a usuarios locales obtener nonces ECDSA a través de un ataque de caché de canal lateral FLUSH+RELOAD. • http://advisories.mageia.org/MGASA-2014-0165.html http://eprint.iacr.org/2014/140 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html http://marc.info/?l=bugtraq&m=140266410314613&w=2 http://marc.info/?l=bugtraq&m=140317760000786&w=2 http&# • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 92%CPEs: 25EXPL: 0

CVE-2013-6449 – openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm

https://notcve.org/view.php?id=CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. La función ssl_get_algorithm2 en ssl/s3_lib.c en OpenSSL anterior a v1.0.2 obtiene un cierto número de versión de una estructura de datos incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de tráfico de red de un cliente TLS v1.2. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists • CWE-310: Cryptographic Issues •