CVE-2013-6450 – openssl: crash in DTLS renegotiation after packet loss
https://notcve.org/view.php?id=CVE-2013-6450
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. La implementación de retransmisión DTLS en OpenSSL través 0.9.8y y 1.x través 1.0.1e no mantiene adecuadamente las estructuras de datos para sumarios (hashes) y contextos de cifrado, lo que podría permitir a atacantes man-in-the-middle para activar el uso de un contexto diferente e interferir con la entrega de paquetes, relacionado con ssl/d1_both.c y ssl/t1_enc.c. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html http://rhn.redhat.com/errata/RHSA-2014-0015.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security. • CWE-310: Cryptographic Issues •
CVE-2013-6449 – openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm
https://notcve.org/view.php?id=CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. La función ssl_get_algorithm2 en ssl/s3_lib.c en OpenSSL anterior a v1.0.2 obtiene un cierto número de versión de una estructura de datos incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de tráfico de red de un cliente TLS v1.2. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists • CWE-310: Cryptographic Issues •
CVE-2013-0169 – SSL/TLS: CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se utiliza en OpenSSL, OpenJDK, PolarSSL, y otros productos, no considera adecuadamente ataques a un requisito de verificación MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperación de texto plano través del análisis estadístico de los datos de tiempo de los paquetes hechos a mano, también conocido como el "Lucky Thirteen" de emisión. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http:/ • CWE-310: Cryptographic Issues •
CVE-2013-0166 – openssl: DoS due to improper handling of OCSP response verification
https://notcve.org/view.php?id=CVE-2013-0166
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificación de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL y caída de la aplicación) a través de una tecla no válida. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http: • CWE-310: Cryptographic Issues •
CVE-2012-2333 – openssl: record length handling integer underflow
https://notcve.org/view.php?id=CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS es usado con cifrado CBC, permite a atacantes remotos a provocar una denegación de servicio (sobre escritura del búfer) o posiblemente tener otros impactos no determinados a través de paquetes TLS manipulados que no son gestionados de forma adecuada en ciertos cálculos de vectores IV concretos. • http://cvs.openssl.org/chngview?cn=22538 http://cvs.openssl.org/chngview?cn=22547 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html http://marc.info/?l=bugtraq&m& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •