rpm package
opensuse/openssl-1_0_0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweed
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1559 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Feb 27, 2019 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by | ||
| CVE-2018-5407 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Nov 15, 2018 | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | ||
| CVE-2018-0734 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Oct 30, 2018 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi | ||
| CVE-2016-7056 | Med | 5.5 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Sep 10, 2018 | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | |
| CVE-2018-0732 | Hig | 7.5 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Jun 12, 2018 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client | |
| CVE-2018-0737 | Med | 5.9 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Apr 16, 2018 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec | |
| CVE-2018-0739 | Med | 6.5 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Mar 27, 2018 | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u | |
| CVE-2017-3738 | Med | 5.9 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Dec 7, 2017 | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believ | |
| CVE-2017-3737 | Med | 5.9 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Dec 7, 2017 | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as d | |
| CVE-2017-3736 | Med | 6.5 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Nov 2, 2017 | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are n | |
| CVE-2017-3735 | Med | 5.3 | < 1.0.2u-6.2 | 1.0.2u-6.2 | Aug 28, 2017 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g | |
| CVE-2016-7055 | Med | 5.9 | < 1.0.2u-6.2 | 1.0.2u-6.2 | May 4, 2017 | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impos | |
| CVE-2017-3732 | Med | 5.9 | < 1.0.2u-6.2 | 1.0.2u-6.2 | May 4, 2017 | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and | |
| CVE-2017-3731 | Hig | 7.5 | < 1.0.2u-6.2 | 1.0.2u-6.2 | May 4, 2017 | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA | |
| CVE-2008-1672 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | May 29, 2008 | OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. | ||
| CVE-2008-0891 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | May 29, 2008 | Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. | ||
| CVE-2007-5135 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Sep 27, 2007 | Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a | ||
| CVE-2007-3108 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Aug 8, 2007 | The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | ||
| CVE-2006-4343 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Sep 28, 2006 | The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | ||
| CVE-2006-3738 | — | < 1.0.2u-6.2 | 1.0.2u-6.2 | Sep 28, 2006 | Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. |
- CVE-2019-1559Feb 27, 2019affected < 1.0.2u-6.2fixed 1.0.2u-6.2
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by
- CVE-2018-5407Nov 15, 2018affected < 1.0.2u-6.2fixed 1.0.2u-6.2
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
- CVE-2018-0734Oct 30, 2018affected < 1.0.2u-6.2fixed 1.0.2u-6.2
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believ
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as d
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are n
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impos
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and
- affected < 1.0.2u-6.2fixed 1.0.2u-6.2
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA
- CVE-2008-1672May 29, 2008affected < 1.0.2u-6.2fixed 1.0.2u-6.2
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
- CVE-2008-0891May 29, 2008affected < 1.0.2u-6.2fixed 1.0.2u-6.2
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
- CVE-2007-5135Sep 27, 2007affected < 1.0.2u-6.2fixed 1.0.2u-6.2
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a
- CVE-2007-3108Aug 8, 2007affected < 1.0.2u-6.2fixed 1.0.2u-6.2
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
- CVE-2006-4343Sep 28, 2006affected < 1.0.2u-6.2fixed 1.0.2u-6.2
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
- CVE-2006-3738Sep 28, 2006affected < 1.0.2u-6.2fixed 1.0.2u-6.2
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Page 2 of 3