CVE-2010-5298 – openssl: freelist misuse causing a possible use-after-free
https://notcve.org/view.php?id=CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar una denegación de servicio (error de uso después de liberación y análisis sintáctico) a través de una conexión SSL en un entorno con múltiples hilos. • http://advisories.mageia.org/MGASA-2014-0187.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http:/& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo que permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de paquetes manipulados que desencadenan una sobrelectura del buffer, según lo demostrado mediante la lectura de claves privadas, relacionado con d1_both.c y t1_lib.c, también conocido como bug Heartbleed. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. • https://www.exploit-db.com/exploits/32764 https://www.exploit-db.com/exploits/32791 https://www.exploit-db.com/exploits/32998 https://www.exploit-db.com/exploits/32745 https://github.com/0x90/CVE-2014-0160 https://github.com/jdauphant/patch-openssl-CVE-2014-0160 https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC https://github.com/obayesshelton/CVE-2014-0160-Scanner https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin https://github.com/Xyl2k/CVE-2014 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2013-4353 – openssl: client NULL dereference crash on malformed handshake packets
https://notcve.org/view.php?id=CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. La función ssl3_take_mac en ssl/s3_both.c en OpenSSL 1.0.1 anterior a 1.0.1f permite a los servidores TLS remotos provocar una denegación de servicio (referencia a un puntero NULL y caída de aplicación) a través de un registro Next Protocol Negotiation modificado en un TLS handshake. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=197e0ea817ad64820789d86711d55ff50d71f631 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00065.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00067.html http: • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2013-6450 – openssl: crash in DTLS renegotiation after packet loss
https://notcve.org/view.php?id=CVE-2013-6450
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. La implementación de retransmisión DTLS en OpenSSL través 0.9.8y y 1.x través 1.0.1e no mantiene adecuadamente las estructuras de datos para sumarios (hashes) y contextos de cifrado, lo que podría permitir a atacantes man-in-the-middle para activar el uso de un contexto diferente e interferir con la entrega de paquetes, relacionado con ssl/d1_both.c y ssl/t1_enc.c. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00032.html http://rhn.redhat.com/errata/RHSA-2014-0015.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security. • CWE-310: Cryptographic Issues •
CVE-2013-6449 – openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm
https://notcve.org/view.php?id=CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. La función ssl_get_algorithm2 en ssl/s3_lib.c en OpenSSL anterior a v1.0.2 obtiene un cierto número de versión de una estructura de datos incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de tráfico de red de un cliente TLS v1.2. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124833.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124854.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124858.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists • CWE-310: Cryptographic Issues •