Page 14 of 138 results (0.014 seconds)

CVSS: 5.0EPSS: 0%CPEs: 66EXPL: 0

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. La implementación de Cryptographic Message Syntax (CMS) y PKCS #7 de OpenSSL anteriores a 0.9.8u y 1.x anteriores a 1.0.0h no restringe apropiadamente un determinado uso de información posterior ("oracle behavior"), lo que facilita a atacantes dependientes del contexto desencriptar datos a través de un ataque de tipo "Million Message Attack (MMA) adaptive chosen ciphertext". • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://marc.info/?l=bugtraq&m=133728068926468&w=2 http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://rhn.redhat • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 14%CPEs: 73EXPL: 0

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. La función mime_hdr_cmp en crypto/asn1/asn_mime.c en OpenSSL v0.9.8t y anteriores permite a atacantes remotos causar una denegación de servicio (desreferencia a puntero nulo y caída de la aplicación) a través de un mensaje S/MIME modificado para tal fin. • http://cvs.openssl.org/chngview?cn=22144 http://marc.info/?l=bugtraq&m=133728068926468&w=2 http://marc.info/?l=openssl-dev&m=115685408414194&w=2 http://secunia.com/advisories/36533 http://secunia.com/advisories/48153 http://secunia.com/advisories/48516 http://secunia.com/advisories/48899 http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html http://www.openwall.com/lists/oss-security/2012/02/27/10 http://www.openwall.com/lists/oss-security/2012/02& • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 14%CPEs: 2EXPL: 0

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. OpenSSL v0.9.8s y v1.0.0f no admite correctamente las aplicaciones DTLS, lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para el CVE-2011-4108. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://osvdb.org/78320 http://secunia.com/advisories/47631 http://secunia.com/advisories/47677 http://secunia.com/advisories/47755 http:/ • CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. crypto/bn/bn_nist.c en OpenSSL anterior a v0.9.8h en plataformas de 32 bits, como se utiliza en stunnel y otros productos, en determinadas circunstancias, la participación ECDH o suites ECDHE cifrado, utiliza un algoritmo de reducción incorrecta modular en la aplicación de la P-256 y P 384-NIST elíptica curvas, lo que permite a atacantes remotos obtener la clave privada de un servidor de TLS a través de múltiples intentos de apretón de manos. • http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21 http://eprint.iacr.org/2011/633 http://marc.info/?t=119271238800004 http://openwall.com/lists/oss-security/2011/12/01/6 http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest http://www.debian.org/security/2012/dsa-2390 https://bugzilla.redhat.com/show_bug.cgi?id=757909 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. La implementación SSL v3.0 en OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f no inicializa correctamente las estructuras de datos para el relleno de bloques de cifrado, lo que podría permitir a atacantes remotos obtener información sensible descifrando los datos de rellenos enviados por uno de los extremos de la comunicación SSL. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-310: Cryptographic Issues •