CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 15%CPEs: 39EXPL: 0CVE-2003-0851
https://notcve.org/view.php?id=CVE-2003-0851
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegación de servicio (caída por recursión excesiva) mediante secuencias ASN.1 malformadas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://marc.info/?l=bugtraq&m=106796246511667&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/17381 http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml http://www.kb.cert.org/vuls/id/412478 http://www.openssl.or •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1568
https://notcve.org/view.php?id=CVE-2002-1568
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. OpenSSL 0.96e usa aserciones cuando detecta ataques de desbordamineto de búfer en vez de mencanismos menos severos,lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante ciertos mensajes que hacen que OpenSSL aborte de una aserción fallida, como se ha demostrado usando mensajes SSLv2 CLIENT_MASTER_KEY, que no son manejados adecuadamente en s2_srvr.c • http://cvs.openssl.org/chngview?cn=7659 http://marc.info/?l=bugtraq&m=106511018214983 http://www.ebitech.sk/patrik/SA/SA-20031002.txt https://access.redhat.com/security/cve/CVE-2002-1568 https://bugzilla.redhat.com/show_bug.cgi?id=1616924 •
CVSS: 5.0EPSS: 37%CPEs: 2EXPL: 0CVE-2003-0544 – CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes
https://notcve.org/view.php?id=CVE-2003-0544
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. OpenSSL 0.9.6 y 0.9.7no lleva bien la cuenta del número de caractéres de ciertas entradas ASN.1, lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante un certifiucado que hace que OpenSSL lea más allá del búfer cuando una forma larga es usada. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/380864 http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html http:/ •
CVSS: 5.0EPSS: 95%CPEs: 2EXPL: 1CVE-2003-0543 – OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
https://notcve.org/view.php?id=CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Desbordamiento de enteros en OpenSSL 0.9.6 y 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) mediante un certificado SSL de cliente con ciertos valores en la etiqueta ASN.1. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • https://www.exploit-db.com/exploits/146 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/255484 http://www.linuxsecurity.com •