rpm package
suse/openssl-1_1&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3711 | Cri | 9.8 | < 1.1.1d-2.36.2 | 1.1.1d-2.36.2 | Aug 24, 2021 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with | |
| CVE-2021-3449 | Med | 5.9 | < 1.1.1d-2.33.1 | 1.1.1d-2.33.1 | Mar 25, 2021 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce | |
| CVE-2021-23841 | Med | 5.9 | < 1.1.1d-2.30.1 | 1.1.1d-2.30.1 | Feb 16, 2021 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (whi | |
| CVE-2021-23840 | Hig | 7.5 | < 1.1.1d-2.30.1 | 1.1.1d-2.30.1 | Feb 16, 2021 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be | |
| CVE-2020-1971 | Med | 5.9 | < 1.1.1d-2.27.1 | 1.1.1d-2.27.1 | Dec 8, 2020 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi | |
| CVE-2020-1967 | Hig | 7.5 | < 1.1.1d-2.23.1 | 1.1.1d-2.23.1 | Apr 21, 2020 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise | |
| CVE-2019-1551 | Med | 5.3 | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Dec 6, 2019 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult | |
| CVE-2019-1563 | Low | 3.7 | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th | |
| CVE-2019-1549 | Med | 5.3 | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in | |
| CVE-2019-1547 | Med | 4.7 | < 1.1.1d-2.20.1 | 1.1.1d-2.20.1 | Sep 10, 2019 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g |
- affected < 1.1.1d-2.36.2fixed 1.1.1d-2.36.2
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with
- affected < 1.1.1d-2.33.1fixed 1.1.1d-2.33.1
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce
- affected < 1.1.1d-2.30.1fixed 1.1.1d-2.30.1
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (whi
- affected < 1.1.1d-2.30.1fixed 1.1.1d-2.30.1
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be
- affected < 1.1.1d-2.27.1fixed 1.1.1d-2.27.1
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi
- affected < 1.1.1d-2.23.1fixed 1.1.1d-2.23.1
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognise
- affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult
- affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th
- affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in
- affected < 1.1.1d-2.20.1fixed 1.1.1d-2.20.1
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g
Page 2 of 2