VYPR

rpm package

opensuse/openssl-1_1&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed

Vulnerabilities (157)

  • CVE-2009-1386Jun 4, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

  • CVE-2009-1379May 19, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a

  • CVE-2009-1378May 19, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much

  • CVE-2009-1377May 19, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitati

  • CVE-2009-0789Mar 27, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate,

  • CVE-2009-0591Mar 27, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

  • CVE-2009-0590Mar 27, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

  • CVE-2008-5077Jan 7, 2009
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

  • CVE-2008-1672May 29, 2008
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

  • CVE-2008-0891May 29, 2008
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

  • CVE-2007-5135Sep 27, 2007
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a

  • CVE-2007-3108Aug 8, 2007
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

  • CVE-2006-4343Sep 28, 2006
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

  • CVE-2006-3738Sep 28, 2006
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

  • CVE-2006-2940Sep 28, 2006
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to proces

  • CVE-2006-2937Sep 28, 2006
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

  • CVE-2006-4339Sep 5, 2006
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from cor

Page 8 of 8