openssl openssl 0.9.8d vulnerabilities and exploits

(subscribe to this query)

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8f allows remote malicious users to execute arbitrary code via unspecified vectors.

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e

OpenSSL prior to 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Openssl Openssl Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL prior to 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote malicious users to cause a denial of service (NULL pointer derefe...

Openssl Openssl Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j

Double free vulnerability in OpenSSL 0.9.8 prior to 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote malicious users to have an unspecified impact by triggering failure of a policy check.

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

1 Article

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote malicious users to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result ...

Openssl Openssl 0.9.7 Openssl Openssl 0.9.7a Openssl Openssl 0.9.7b Openssl Openssl 0.9.7c Openssl Openssl 0.9.7d Openssl Openssl 0.9.7e Openssl Openssl 0.9.7f Openssl Openssl 0.9.7g Openssl Openssl 0.9.7h Openssl Openssl 0.9.7i Openssl Openssl 0.9.7j Openssl Openssl 0.9.7k

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 up to and including 0.9.8r and 1.0.x prior to 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote malicious users to cause a denial of service (daemon crash) v...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

crypto/bn/bn_nist.c in OpenSSL prior to 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curv...

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

OpenSSL 0.9.8i and previous versions does not properly check the return value from the EVP_VerifyFinal function, which allows remote malicious users to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

OpenSSL prior to 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote malicious users to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certi...

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

OpenSSL prior to 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote malicious users to force the use of a disabled cipher via vectors involving sniffing network traffic to dis...

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook