CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-12797 – RFC7250 handshakes with unauthenticated servers don't abort as expected
https://notcve.org/view.php?id=CVE-2024-12797
11 Feb 2025 — Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients e... • https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9 • CWE-295: Improper Certificate Validation CWE-392: Missing Report of Error Condition •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-13176 – Timing side-channel in ECDSA signature computation
https://notcve.org/view.php?id=CVE-2024-13176
20 Jan 2025 — Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is z... • https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844 • CWE-385: Covert Timing Channel •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9143 – Low-level invalid GF(2^m) parameters lead to OOB memory access
https://notcve.org/view.php?id=CVE-2024-9143
16 Oct 2024 — Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of bin... • https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6119 – Possible denial of service in X.509 name checks
https://notcve.org/view.php?id=CVE-2024-6119
03 Sep 2024 — Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject ... • https://openssl-library.org/news/secadv/20240903.txt • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.4EPSS: 4%CPEs: 4EXPL: 1CVE-2024-5535 – SSL_select_next_proto buffer overread
https://notcve.org/view.php?id=CVE-2024-5535
27 Jun 2024 — Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call t... • https://github.com/websecnl/CVE-2024-5535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4741 – Use After Free with SSL_free_buffers
https://notcve.org/view.php?id=CVE-2024-4741
06 Jun 2024 — Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function i... • https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4603 – Excessive time spent checking DSA keys and parameters
https://notcve.org/view.php?id=CVE-2024-4603
16 May 2024 — Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those com... • http://www.openwall.com/lists/oss-security/2024/05/16/2 • CWE-606: Unchecked Input for Loop Condition CWE-834: Excessive Iteration •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •