CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-13176 – Timing side-channel in ECDSA signature computation
https://notcve.org/view.php?id=CVE-2024-13176
20 Jan 2025 — Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is z... • https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844 • CWE-385: Covert Timing Channel •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9143 – Low-level invalid GF(2^m) parameters lead to OOB memory access
https://notcve.org/view.php?id=CVE-2024-9143
16 Oct 2024 — Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of bin... • https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 • CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6119 – Possible denial of service in X.509 name checks
https://notcve.org/view.php?id=CVE-2024-6119
03 Sep 2024 — Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject ... • https://openssl-library.org/news/secadv/20240903.txt • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.4EPSS: 4%CPEs: 4EXPL: 1CVE-2024-5535 – SSL_select_next_proto buffer overread
https://notcve.org/view.php?id=CVE-2024-5535
27 Jun 2024 — Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call t... • https://github.com/websecnl/CVE-2024-5535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4741 – Use After Free with SSL_free_buffers
https://notcve.org/view.php?id=CVE-2024-4741
06 Jun 2024 — Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function i... • https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-4603 – Excessive time spent checking DSA keys and parameters
https://notcve.org/view.php?id=CVE-2024-4603
16 May 2024 — Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those com... • http://www.openwall.com/lists/oss-security/2024/05/16/2 • CWE-606: Unchecked Input for Loop Condition CWE-834: Excessive Iteration •
CVSS: 5.9EPSS: 1%CPEs: 3EXPL: 0CVE-2024-2511 – Unbounded memory growth with session handling in TLSv1.3
https://notcve.org/view.php?id=CVE-2024-2511
08 Apr 2024 — Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session... • http://www.openwall.com/lists/oss-security/2024/04/08/5 • CWE-400: Uncontrolled Resource Consumption CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0727 – PKCS12 Decoding crashes
https://notcve.org/view.php?id=CVE-2024-0727
25 Jan 2024 — Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that result... • http://www.openwall.com/lists/oss-security/2024/03/11/1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6237 – Excessive time spent checking invalid RSA public keys
https://notcve.org/view.php?id=CVE-2023-6237
15 Jan 2024 — Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of tw... • http://www.openwall.com/lists/oss-security/2024/03/11/1 • CWE-400: Uncontrolled Resource Consumption CWE-606: Unchecked Input for Loop Condition •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2023-6129 – POLY1305 MAC implementation corrupts vector registers on PowerPC
https://notcve.org/view.php?id=CVE-2023-6129
09 Jan 2024 — Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the cont... • http://www.openwall.com/lists/oss-security/2024/03/11/1 • CWE-328: Use of Weak Hash CWE-440: Expected Behavior Violation CWE-787: Out-of-bounds Write •