Page 13 of 93 results (0.035 seconds)

CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. La función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a acepta un valor CLIENT-MASTER-KEY CLEAR-KEY-LENGTH distinto de cero para un cifrado arbitrario, lo que permite a atacantes man-in-the-middle determinar el valor MASTER-KEY y descifrar datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 1%CPEs: 44EXPL: 0

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. Un mecanismo de protección oracle en la función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a sobrescribe MASTER-KEY bytes incorrectos durante el uso de suites de cifrado de exportación, lo que facilita a atacantes remotos el descifrado de datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 6%CPEs: 40EXPL: 0

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. Múltiples desbordamientos de entero en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica o referencia a puntero NULL) o posiblemente tener otro impacto no especificado a través de una cadena de dígitos de gran tamaño que no es manejada correctamente por la función (1) BN_dec2bn o (2) BN_hex2bn, relacionada con crypto/bn/bn.h y crypto/bn/bn_print.c. An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.h •

CVSS: 10.0EPSS: 36%CPEs: 35EXPL: 0

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. La función fmtstr en crypto/bio/b_print.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g calcula incorrectamenteno longitudes de cadena, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento y lectura fuera de rango) o posiblemente causar otro impacto no especificado a través de una cadena larga de carácteres, como ha quedado demostrado por una gran cantidad de ASN.1 data, una vulnerabilidad diferente a CVE-2016-2842. Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 6%CPEs: 61EXPL: 0

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Vulnerabilidad de liberación doble en la función dsa_priv_decode en crypto/dsa/dsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una clave DSA privada malformada. A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/ •