CVSS: 4.3EPSS: 10%CPEs: 64EXPL: 0CVE-2011-4577 – openssl: malformed RFC 3779 data can cause assertion failures
https://notcve.org/view.php?id=CVE-2011-4577
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f, cuando el soporte al RFC 3779 está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción) a través de un certificado X.509 que contiene la extensión de certificados de datos asociados con identificados de (1) bloques de direcciones IP o (2) Sistema Autónomo (AS). • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://s • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 5%CPEs: 67EXPL: 0CVE-2012-0027
https://notcve.org/view.php?id=CVE-2012-0027
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. El motor GOST en OpenSSL antes de v1.0.0f no controla correctamente los parámetros válidos para el cifrado de bloques GOST, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de datos de un cliente TLS específicamente modificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://osvdb.org/78191 http://secunia.com/advisories/57353 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 http://www.openssl.org/news/secadv_20120104.txt • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 18%CPEs: 64EXPL: 0CVE-2011-4619 – openssl: SGC restart DoS attack
https://notcve.org/view.php?id=CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. La implementación del servidor de criptografía SGC en OpenSSL antes de v0.9.8s y en v1.x antes de v1.0.0f no controla correctamente los reinicios de 'handshake' (apretón de manos), lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0CVE-2011-4108 – openssl: DTLS plaintext recovery attack
https://notcve.org/view.php?id=CVE-2011-4108
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. La implementación DTLS en OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f realiza una comprobación de MAC sólo si determinado relleno es válida, lo que facilita a los atacantes remotos a la hora de recuperar texto a través de un ataque de relleno. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-310: Cryptographic Issues •
CVSS: 2.6EPSS: 0%CPEs: 78EXPL: 1CVE-2011-1945
https://notcve.org/view.php?id=CVE-2011-1945
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. El subsistema de criptografía de curva elíptica (ECC) de OpenSSL v1.0.0d y versiones anteriores, cuando el algoritmo de firma digital de la curva elímptica(ECDSA) se utiliza para el conjunto de cifrado ECDHE_ECDSA, no aplica adecuadamente las curvas sobre campos binarios, lo que hace que sea más fácil para el atacantes dependientes del contexto determinar las claves privadas a través de un ataque de oportunidad y un cálculo del entramado (lattice). • http://eprint.iacr.org/2011/232.pdf http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://secunia.com/advisories/44935 http://support.apple.com/kb/HT5784 http://www.debian.org/security/2011/dsa-2309 http://www.kb.cert.org/vuls/id/536044 http://www.kb.cert.org/vuls/id/MAPG-8FENZ3 http://www.mandriva.com/security/advisories?name=MDVSA-2011:136 http://www.mandriva.com/security/advisories?name=MDVSA-2011:137 https://hermes.opensuse.org/m • CWE-310: Cryptographic Issues •