Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

openssl openssl 1.0.2c vulnerabilities and exploits

(subscribe to this query)

3.7
CVSSv3
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple...
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl Openssl 1.0.2d
NA
CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message....
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl Openssl 1.0.2d
8.2
CVSSv3
CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data....
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2gOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl OpensslOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.2d
5.9
CVSSv3
CVE-2017-3732
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform...
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2bOpenssl Openssl 1.1.0cOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.2cOpenssl Openssl 1.1.0bOpenssl Openssl 1.0.2Openssl Openssl 1.1.0aOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.2iOpenssl Openssl 1.0.2dNodejs Node.js
7.5
CVSSv3
CVE-2017-3731
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using...
Openssl Openssl 1.1.0cOpenssl Openssl 1.1.0bOpenssl Openssl 1.1.0aOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2jOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl Openssl 1.0.2fOpenssl Openssl 1.0.2iOpenssl Openssl 1.0.2dNodejs Node.js
7.5
CVSSv3
CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and...
Openssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.1Openssl Openssl 1.0.1hOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.1rOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl Openssl 1.0.1pOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.1bOpenssl Openssl 1.0.1nOpenssl Openssl 1.0.1qOpenssl Openssl 1.0.1eOpenssl Openssl 1.0.1lOpenssl Openssl 1.0.1fOpenssl Openssl 1.0.1oOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.1iOpenssl Openssl 1.0.2d
5.9
CVSSv3
CVE-2017-3737
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This...
Openssl Openssl 1.0.2cOpenssl Openssl 1.0.2dOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2lOpenssl Openssl 1.0.2mOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2jOpenssl Openssl 1.0.2kOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.2iOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.2gDebian Debian Linux 9.0
9.8
CVSSv3
CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors....
Nodejs Node.jsOpenssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.1hOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.1rOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.2gOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.1tOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.1pOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.1bOpenssl Openssl 1.0.1nOpenssl Openssl 1.0.1qOpenssl Openssl 1.0.1eOpenssl Openssl 1.0.1lOpenssl Openssl 1.0.1fOpenssl Openssl 1.0.1sOpenssl Openssl 1.0.1oOpenssl Openssl 1.0.2Openssl Openssl 1.0.2fOpenssl Openssl 1.0.1iOpenssl Openssl 1.0.1Openssl Openssl 1.0.2d
7.5
CVSSv3
CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter....
Openssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.1hOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.1pOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.1bOpenssl Openssl 1.0.1nOpenssl Openssl 1.0.1eOpenssl Openssl 1.0.1lOpenssl Openssl 1.0.1fOpenssl Openssl 1.0.1oOpenssl Openssl 1.0.2Openssl Openssl 1.0.1iOpenssl Openssl 1.0.1Openssl Openssl 1.0.2dCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Debian Debian Linux 8.0Debian Debian Linux 7.0Nodejs Node.js
7.5
CVSSv3
CVE-2016-2179
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions...
Openssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.1hOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.1rOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.2gOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.1tOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.1pOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.1bOpenssl Openssl 1.0.1nOpenssl Openssl 1.0.1qOpenssl Openssl 1.0.1eOpenssl Openssl 1.0.1lOpenssl Openssl 1.0.1fOpenssl Openssl 1.0.1sOpenssl Openssl 1.0.1oOpenssl Openssl 1.0.2Openssl Openssl 1.0.2fOpenssl Openssl 1.0.1iOpenssl Openssl 1.0.1Openssl Openssl 1.0.2dOracle Linux 6Oracle Linux 7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2023-45839mass assignmentCVE-2023-33082CVE-2023-49374CVE-2023-23397XXECVE-2023-28585CVE-2023-45124
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook