Page 52 of 270 results (0.006 seconds)

CVSS: 5.0EPSS: 15%CPEs: 39EXPL: 0

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegación de servicio (caída por recursión excesiva) mediante secuencias ASN.1 malformadas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://marc.info/?l=bugtraq&m=106796246511667&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/17381 http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml http://www.kb.cert.org/vuls/id/412478 http://www.openssl.or •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. OpenSSL 0.96e usa aserciones cuando detecta ataques de desbordamineto de búfer en vez de mencanismos menos severos,lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante ciertos mensajes que hacen que OpenSSL aborte de una aserción fallida, como se ha demostrado usando mensajes SSLv2 CLIENT_MASTER_KEY, que no son manejados adecuadamente en s2_srvr.c • http://cvs.openssl.org/chngview?cn=7659 http://marc.info/?l=bugtraq&m=106511018214983 http://www.ebitech.sk/patrik/SA/SA-20031002.txt https://access.redhat.com/security/cve/CVE-2002-1568 https://bugzilla.redhat.com/show_bug.cgi?id=1616924 •

CVSS: 5.0EPSS: 37%CPEs: 2EXPL: 0

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. OpenSSL 0.9.6 y 0.9.7no lleva bien la cuenta del número de caractéres de ciertas entradas ASN.1, lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante un certifiucado que hace que OpenSSL lea más allá del búfer cuando una forma larga es usada. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/380864 http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html http:/ •

CVSS: 5.0EPSS: 95%CPEs: 2EXPL: 1

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Desbordamiento de enteros en OpenSSL 0.9.6 y 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) mediante un certificado SSL de cliente con ciertos valores en la etiqueta ASN.1. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • https://www.exploit-db.com/exploits/146 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 http://secunia.com/advisories/22249 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-393 http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/255484 http://www.linuxsecurity.com •

CVSS: 10.0EPSS: 58%CPEs: 2EXPL: 0

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Vulnerabilidad de doble liberación (de memoria) en OpenSSL 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante un certificado de cliente SSL con una cierta condificación ASN.1 no válida. Brute forcer for OpenSSL ASN.1 parsing bugs that affects versions 0.9.6j and below and 0.9.7b and below. • http://secunia.com/advisories/22249 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://www.cert.org/advisories/CA-2003-26.html http://www.debian.org/security/2003/dsa-394 http://www.kb.cert.org/vuls/id/935264 http://www.redhat.com/support/errata/RHSA-2003-292.html http://www.securityfocus.com/bid/8732 http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm http://www.vupen.com/english/advisories/2006/3900 https://oval.cisecurity.org/repository • CWE-415: Double Free •