CVE-2012-0050
https://notcve.org/view.php?id=CVE-2012-0050
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. OpenSSL v0.9.8s y v1.0.0f no admite correctamente las aplicaciones DTLS, lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para el CVE-2011-4108. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://osvdb.org/78320 http://secunia.com/advisories/47631 http://secunia.com/advisories/47677 http://secunia.com/advisories/47755 http:/ • CWE-399: Resource Management Errors •
CVE-2011-4576 – openssl: uninitialized SSL 3.0 padding
https://notcve.org/view.php?id=CVE-2011-4576
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. La implementación SSL v3.0 en OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f no inicializa correctamente las estructuras de datos para el relleno de bloques de cifrado, lo que podría permitir a atacantes remotos obtener información sensible descifrando los datos de rellenos enviados por uno de los extremos de la comunicación SSL. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-310: Cryptographic Issues •
CVE-2011-4577 – openssl: malformed RFC 3779 data can cause assertion failures
https://notcve.org/view.php?id=CVE-2011-4577
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f, cuando el soporte al RFC 3779 está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción) a través de un certificado X.509 que contiene la extensión de certificados de datos asociados con identificados de (1) bloques de direcciones IP o (2) Sistema Autónomo (AS). • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://s • CWE-399: Resource Management Errors •
CVE-2012-0027
https://notcve.org/view.php?id=CVE-2012-0027
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. El motor GOST en OpenSSL antes de v1.0.0f no controla correctamente los parámetros válidos para el cifrado de bloques GOST, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de datos de un cliente TLS específicamente modificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://osvdb.org/78191 http://secunia.com/advisories/57353 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 http://www.openssl.org/news/secadv_20120104.txt • CWE-399: Resource Management Errors •
CVE-2011-4619 – openssl: SGC restart DoS attack
https://notcve.org/view.php?id=CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. La implementación del servidor de criptografía SGC en OpenSSL antes de v0.9.8s y en v1.x antes de v1.0.0f no controla correctamente los reinicios de 'handshake' (apretón de manos), lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-399: Resource Management Errors •