Page 16 of 81 results (0.015 seconds)

CVSS: 4.3EPSS: 93%CPEs: 3EXPL: 1

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. Vulnerabilidad de doble liberación en la función ssl3_get_key_exchange en el cliente OpenSSL (ssl/s3_clnt.c) de OpenSSL v1.0.0a, v0.9.8, v0.9.7, y posiblemente otras versiones, cuando usa ECDH, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de claves privadas manipuladas con un número no válido. NOTA: algunas fuentes se refieren a esto como un problema de uso después de la liberación. • https://www.exploit-db.com/exploits/34427 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://seclists.org/fulldisclosure/2010/Aug/84 http://secunia.com/advisories/40906 http://secunia.com/advisories/41105 http://secunia.com/advisories/42309 http://secunia.com/advisories/42413 http://secunia.com/advisories/43312 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc http://securitytra • CWE-399: Resource Management Errors •

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad en la verificación de la recuperación RSA en la función EVP_PKEY_verify_recover en OpenSSL v1.x anterior a v1.0.0a, como es utilizada por "pkeyutl" y posiblemente otras aplicaciones, devuelve memoria no inicializada tras el fallo, el cual permite a atacantes dependientes del contexto evitar requerimientos de clave y otro información sensible a través de vectores sin especificar. Nota: algunos de estos detalles se han obtenido de información de terceros. • http://cvs.openssl.org/chngview?cn=19693 http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1 http://secunia.com/advisories/40024 http://secunia.com/advisories/57353 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.openssl.org/news/secadv_20100601.txt http://www.securityfocus.com/bid/40503 http://www.vupen.com/english/advisories/2010/1313 https://bugzilla.redhat.com/show_bug.cgi?id=598732 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 25%CPEs: 72EXPL: 0

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Vulnerabilidad en la implemtanción "Cryptographic Message Syntax" (CMS) en "crypto/cms/cms_asn1.c" en OpenSSL anterior a v0.9.8o y v1.x anterior a v1.0.0a no maneja correctamente estructuras que contienen "OriginatorInfo" las cuales permiten a atacantes dependientes del contexto modificar direcciones inválidas de memoria o llevar a cabo ataques de liberación doble con posibilidad de ejecutar código aleatorio a través de vectores sin especificar. • http://cvs.openssl.org/chngview?cn=19693 http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1 http://marc.info/?l=bugtraq&m=129138643405740&w=2 http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest http://secunia.com/advisories/40000 http://secunia.com/advisories/40024 http://secunia.com/advisories/42457 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://secunia.com/advisories/57353 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 20%CPEs: 71EXPL: 0

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Fuga de memoria en la función zlib_stateful_finish en crypto/comp/c_zlib.c en OpenSSL v0.9.8l y anteriores, y v1.0.0 Beta a la Beta 4, permite a atacantes remoso provocar una denegación de servicio (consumo de memoria) a través de vectores que provocan llamadas incorrectas a la función CRYPTO_free_all_ex_data, como se demostró usando SSLv3 y PHP con el Apache HTTP Server, una cuestión relacionada con el CVE-2008-1678. • http://cvs.openssl.org/chngview?cn=19068 http://cvs.openssl.org/chngview?cn=19069 http://cvs.openssl.org/chngview?cn=19167 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://marc.info/?l=bugtraq&m=127128920008563&w=2 http://secunia.com/advisories/38175 http://secunia.com/advisories/38181 http: • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.0EPSS: 11%CPEs: 1EXPL: 2

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. Vulnerabilidad de uso después de la liberación en (use-after-free) en la función dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL v1.0.0 Beta 2 permite a atacantes remotos producir una denegación de servicio (caída de openssl s_client) a posiblemente tenga un impacto sin especificar a través de un paquete DTLS, como se demostró mediante un paquete de un servidor que utiliza un certificado de servidor manipulado. • https://www.exploit-db.com/exploits/8720 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest http://secunia.com/advisories/35416 http://secunia.com/advisories/35461 http: • CWE-399: Resource Management Errors CWE-416: Use After Free •