openssl openssl 0.9.8c vulnerabilities and exploits

(subscribe to this query)

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8f allows remote malicious users to execute arbitrary code via unspecified vectors.

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e

OpenSSL prior to 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Openssl Openssl Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL prior to 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote malicious users to cause a denial of service (NULL pointer derefe...

Openssl Openssl Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j

OpenSSL 0.9.7 prior to 0.9.7l and 0.9.8 prior to 0.9.8d allows remote malicious users to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

Openssl Openssl 0.9.7 Openssl Openssl 0.9.7a Openssl Openssl 0.9.7b Openssl Openssl 0.9.7c Openssl Openssl 0.9.7d Openssl Openssl 0.9.7e Openssl Openssl 0.9.7f Openssl Openssl 0.9.7g Openssl Openssl 0.9.7h Openssl Openssl 0.9.7i Openssl Openssl 0.9.7j Openssl Openssl 0.9.7k

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 prior to 0.9.7l, 0.9.8 prior to 0.9.8d, and previous versions versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Openssl Openssl 0.9.7 Openssl Openssl 0.9.7a Openssl Openssl 0.9.7b Openssl Openssl 0.9.7c Openssl Openssl 0.9.7d Openssl Openssl 0.9.7e Openssl Openssl 0.9.7f Openssl Openssl 0.9.7g Openssl Openssl 0.9.7h Openssl Openssl 0.9.7i Openssl Openssl 0.9.7j Openssl Openssl 0.9.7k

Double free vulnerability in OpenSSL 0.9.8 prior to 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote malicious users to have an unspecified impact by triggering failure of a policy check.

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

1 Article

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote malicious users to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result ...

Openssl Openssl 0.9.7 Openssl Openssl 0.9.7a Openssl Openssl 0.9.7b Openssl Openssl 0.9.7c Openssl Openssl 0.9.7d Openssl Openssl 0.9.7e Openssl Openssl 0.9.7f Openssl Openssl 0.9.7g Openssl Openssl 0.9.7h Openssl Openssl 0.9.7i Openssl Openssl 0.9.7j Openssl Openssl 0.9.7k

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 prior to 0.9.7l, 0.9.8 prior to 0.9.8d, and previous versions versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Openssl Openssl 0.9.7 Openssl Openssl 0.9.7a Openssl Openssl 0.9.7b Openssl Openssl 0.9.7c Openssl Openssl 0.9.7d Openssl Openssl 0.9.7e Openssl Openssl 0.9.7f Openssl Openssl 0.9.7g Openssl Openssl 0.9.7h Openssl Openssl 0.9.7i Openssl Openssl 0.9.7j Openssl Openssl 0.9.7k

2 EDB exploits

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 up to and including 0.9.8r and 1.0.x prior to 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote malicious users to cause a denial of service (daemon crash) v...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

OpenSSL 0.9.7 prior to 0.9.7l, 0.9.8 prior to 0.9.8d, and previous versions versions allows malicious users to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certif...

Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c Openssl Openssl 0.9.6d

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook