CVSS: 5.0EPSS: 0%CPEs: 95EXPL: 0CVE-2013-0166 – openssl: DoS due to improper handling of OCSP response verification
https://notcve.org/view.php?id=CVE-2013-0166
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificación de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL y caída de la aplicación) a través de una tecla no válida. • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970096e04b18aa52567c325200 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293242bd4aec97cdc7a8ef24b0 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http: • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 59%CPEs: 13EXPL: 0CVE-2011-1473
https://notcve.org/view.php?id=CVE-2011-1473
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment ** EN DISPUTA ** OpenSSL anterior a v0.9.8l y v0.9.8m a través de 1.x, no restringen adecuadamente por el cliente dentro de la renegociación de los protocolos SSL y TLS, lo que podría hacer más fácil para los atacantes remotos causar una denegación de servicio (el consumo de CPU) mediante la realización de las renegociaciones de muchos dentro de una sola conexión, una vulnerabilidad diferente a CVE-2011-5094. NOTA: también se puede argumentar que es la responsabilidad de las implementaciones de servidores, no una biblioteca de seguridad, para prevenir o limitar la renegociación cuando es inapropiado dentro de un entorno específico. • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://orchilles.com/2011/03/ssl-renegotiation-dos.html http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html http://www.ietf.org/mail-archive/web/tls/current/msg07553.html http://www.ietf.org/mail-archive/web/tls/current/msg07564.html http://www.ietf.org/mail-archive/web/tl • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 4%CPEs: 99EXPL: 0CVE-2012-2333 – openssl: record length handling integer underflow
https://notcve.org/view.php?id=CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS es usado con cifrado CBC, permite a atacantes remotos a provocar una denegación de servicio (sobre escritura del búfer) o posiblemente tener otros impactos no determinados a través de paquetes TLS manipulados que no son gestionados de forma adecuada en ciertos cálculos de vectores IV concretos. • http://cvs.openssl.org/chngview?cn=22538 http://cvs.openssl.org/chngview?cn=22547 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html http://marc.info/?l=bugtraq&m& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 10%CPEs: 91EXPL: 3CVE-2012-2110 – OpenSSL - ASN1 BIO Memory Corruption
https://notcve.org/view.php?id=CVE-2012-2110
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. La función asn1_d2i_read_bio en OpenSSL antes de v0.9.8v, en v1.0.0 antes de v1.0.0i y en v1.0.1 antes de v1.0.1a no interpreta correctamente los enteros, lo que permite realizar ataques de desbordamiento de buffer a atacantes remotos, y provocar una denegación de servicio (por corrupción de memoria) o posiblemente tener un impacto no especificado, a través de datos DER debidamente modificados, como lo demuestra un certificado X.509 o una clave pública RSA. • https://www.exploit-db.com/exploits/18756 http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html http://cvs.openssl.org/chngview?cn=22431 http://cvs.openssl.org/chngview?cn=22434 http://cvs.openssl.org/chngview?cn=22439 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html http://lists.fedoraproje • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 11%CPEs: 86EXPL: 0CVE-2012-1165 – openssl: mime_param_cmp NULL dereference crash
https://notcve.org/view.php?id=CVE-2012-1165
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. La función mime_param_cmp en crypto/asn1/asn_mime.c en OpenSSL anteriores v0.9.8u y v1.x v1.0.0h permite atacantes remotos provocar una denegación de servicio (desreferenciación de punterio NULL y caída de aplicación) a través de mensaje S/MIME manipulado, es una vulnerabilidad distinta a CVE-2006-7250. • http://cvs.openssl.org/chngview?cn=22252 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://marc.info/?l=bugtraq&m=133728068926468&w=2 http://m • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •