CVSS: 7.5EPSS: 79%CPEs: 18EXPL: 4CVE-2017-3730 – Bad (EC)DHE parameters cause a client crash
https://notcve.org/view.php?id=CVE-2017-3730
26 Jan 2017 — In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. En OpenSSL versión 1.1.0 anterior a 1.1.0d, si un servidor malicioso suministra parámetros incorrectos para un intercambio de claves DHE o ECDHE, entonces esto puede resultar en que el cliente intente desreferenciar un puntero NULL que conduce ... • https://packetstorm.news/files/id/140804 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 22EXPL: 0CVE-2017-3731 – Truncated packet could crash via OOB read
https://notcve.org/view.php?id=CVE-2017-3731
26 Jan 2017 — If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. Si un servidor o cliente SSL/TLS se ejecuta en un hos... • http://rhn.redhat.com/errata/RHSA-2017-0286.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 81%CPEs: 3EXPL: 1CVE-2016-7054 – ChaCha20/Poly1305 heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-7054
10 Nov 2016 — In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. En OpenSSL 1.1.0 anterior a 1.1.0c, las conexiones TLS que utilizan *-CHACHA20-POLY1305 ciphersuites pueden ser víctimas de una denegación de servicio si se corrompe el payload. Esto puede derivar la caída de OpenSSL. • https://www.exploit-db.com/exploits/40899 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 38%CPEs: 3EXPL: 0CVE-2016-7053 – CMS Null dereference
https://notcve.org/view.php?id=CVE-2016-7053
10 Nov 2016 — In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. En OpenSSL 1.1.0 anterior a 1.1.0c, las aplicaciones que analizan estructuras CMS inválidas puede... • http://www.securityfocus.com/bid/94244 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 9%CPEs: 7EXPL: 0CVE-2016-7055 – openssl: Carry propagating bug in Montgomery multiplication
https://notcve.org/view.php?id=CVE-2016-7055
10 Nov 2016 — There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiat... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-682: Incorrect Calculation •
CVSS: 5.9EPSS: 55%CPEs: 1EXPL: 0CVE-2016-6307 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6307
22 Sep 2016 — The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. La implementación de máquina de estados en OpenSSL 1.1.0 en versiones anteriores a 1.1.0a asigna memoria antes de comprobar un exceso de longitud, lo que podría permitir a atacantes remotos provocar una denegación de servicio (... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 57%CPEs: 1EXPL: 0CVE-2016-6308 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6308
22 Sep 2016 — statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. statem/statem_dtls.c en la implementación DTLS en OpenSSL 1.1.0 en versiones anteriores a 1.1.0a asigna memoria antes de comprobar el exceso de longitud, lo que podría permitir a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 48%CPEs: 1EXPL: 1CVE-2016-6305 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6305
22 Sep 2016 — The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. La función ssl3_read_bytes en record/rec_layer_s3.c en OpenSSL 1.1.0 en versiones anteriores a 1.1.0a permite a atacantes remotos provocar una denegación de servicio (bucle infinito) desencadenando un registro de longitud cero en una llamada SSL_peek. A malicious client can send an excessively large O... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 58%CPEs: 41EXPL: 1CVE-2016-6304 – openssl: OCSP Status Request extension unbounded memory growth
https://notcve.org/view.php?id=CVE-2016-6304
22 Sep 2016 — Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. Múltiples fugas de memoria en t1_lib.c en OpenSSL en versiones anteriores a 1.0.1u, 1.0.2 en versiones anteriores a 1.0.2i y 1.1.0 en versiones anteriores a 1.1.0a permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de grandes extensiones OCSP Statu... • https://packetstorm.news/files/id/139091 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •