CVSS: 5.9EPSS: 28%CPEs: 5EXPL: 0CVE-2018-0737 – Cache timing vulnerability in RSA Key Generation
https://notcve.org/view.php?id=CVE-2018-0737
16 Apr 2018 — The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). Se ha demostrado que el algoritmo de generación de claves RSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral de caché. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 0CVE-2018-0733 – Incorrect CRYPTO_memcmp on HP-UX PA-RISC
https://notcve.org/view.php?id=CVE-2018-0733
27 Mar 2018 — Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Debido a un error de implementación, l... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.5EPSS: 16%CPEs: 8EXPL: 0CVE-2018-0739 – Constructed ASN.1 types with a recursive definition could exceed the stack
https://notcve.org/view.php?id=CVE-2018-0739
27 Mar 2018 — Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 5.9EPSS: 20%CPEs: 34EXPL: 0CVE-2017-3738 – openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3738
07 Dec 2017 — There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be sign... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 5%CPEs: 2EXPL: 0CVE-2017-3736 – openssl: bn_sqrx8x_internal carry bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3736
02 Nov 2017 — There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required fo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 5.3EPSS: 35%CPEs: 102EXPL: 0CVE-2017-3735 – openssl: Malformed X.509 IPAdressFamily could cause OOB read
https://notcve.org/view.php?id=CVE-2017-3735
28 Aug 2017 — While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Al analizar una extensión IPAddressFamily en un certificado X.509, es posible realizar una sobrelectura de un bit. Esto tendría como resultado que el texto del certificado se muestre de forma incorrecta. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2017-3733 – Encrypt-Then-Mac renegotiation crash
https://notcve.org/view.php?id=CVE-2017-3733
16 Feb 2017 — During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. Durante un protocolo de enlace de renegociación, si la extensión Encrypt-Then-Mac es negociada cuando no estaba en el protocolo de enlace original (o viceversa), se podría provocar el cierre inesperado de OpenSSL (dependiente de una suite de cifrad... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-7798 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2016-7798
30 Jan 2017 — The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. La openssl gem para Ruby utiliza el mismo vector de inicialización (IV) en el modo GCM (aes - * - gcm) cuando el IV se establece en versiones anteriores a la clave, lo que facilita que los atacantes dependiendo del contexto eludan el mecanismo de protección del cifrado. It was discover... • http://www.openwall.com/lists/oss-security/2016/09/19/9 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 69%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 60%CPEs: 18EXPL: 4CVE-2017-3730 – Bad (EC)DHE parameters cause a client crash
https://notcve.org/view.php?id=CVE-2017-3730
26 Jan 2017 — In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. En OpenSSL versión 1.1.0 anterior a 1.1.0d, si un servidor malicioso suministra parámetros incorrectos para un intercambio de claves DHE o ECDHE, entonces esto puede resultar en que el cliente intente desreferenciar un puntero NULL que conduce ... • https://packetstorm.news/files/id/140804 • CWE-476: NULL Pointer Dereference •