openssl openssl 1.0.1j vulnerabilities and exploits

(subscribe to this query)

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote malicious users to cause a denial of service (out-of-bounds write or memory consumption) or p...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g allows remote malicious users to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c ...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g improperly calculates string lengths, which allows remote malicious users to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impac...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

The SSLv2 protocol, as used in OpenSSL prior to 1.0.1s and 1.0.2 prior to 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote malicious users to decryp...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

2 Nmap scripts2 Github repositories2 Articles

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in...

Openssl Openssl Openssl Openssl 1.0.0 Openssl Openssl 1.0.0a Openssl Openssl 1.0.0b Openssl Openssl 1.0.0c Openssl Openssl 1.0.0d Openssl Openssl 1.0.0e Openssl Openssl 1.0.0f Openssl Openssl 1.0.0g Openssl Openssl 1.0.0h Openssl Openssl 1.0.0i Openssl Openssl 1.0.0j

2 Nmap scripts

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher sui...

Openssl Openssl Openssl Openssl 1.0.0 Openssl Openssl 1.0.0a Openssl Openssl 1.0.0b Openssl Openssl 1.0.0c Openssl Openssl 1.0.0d Openssl Openssl 1.0.0e Openssl Openssl 1.0.0f Openssl Openssl 1.0.0g Openssl Openssl 1.0.0h Openssl Openssl 1.0.0i Openssl Openssl 1.0.0j

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a c...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

1 Github repository

Multiple integer overflows in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g allow remote malicious users to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandle...

Openssl Openssl 1.0.1 Openssl Openssl 1.0.1a Openssl Openssl 1.0.1b Openssl Openssl 1.0.1c Openssl Openssl 1.0.1d Openssl Openssl 1.0.1e Openssl Openssl 1.0.1f Openssl Openssl 1.0.1g Openssl Openssl 1.0.1h Openssl Openssl 1.0.1i Openssl Openssl 1.0.1j Openssl Openssl 1.0.1k

OpenSSL prior to 0.9.8zc, 1.0.0 prior to 1.0.0o, and 1.0.1 prior to 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote malicious users to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

Openssl Openssl Openssl Openssl 1.0.0 Openssl Openssl 1.0.0a Openssl Openssl 1.0.0b Openssl Openssl 1.0.0c Openssl Openssl 1.0.0d Openssl Openssl 1.0.0e Openssl Openssl 1.0.0f Openssl Openssl 1.0.0g Openssl Openssl 1.0.0h Openssl Openssl 1.0.0i Openssl Openssl 1.0.0j

1 Article

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows re...

Openssl Openssl Openssl Openssl 1.0.0 Openssl Openssl 1.0.0a Openssl Openssl 1.0.0b Openssl Openssl 1.0.0c Openssl Openssl 1.0.0d Openssl Openssl 1.0.0e Openssl Openssl 1.0.0f Openssl Openssl 1.0.0g Openssl Openssl 1.0.0h Openssl Openssl 1.0.0i Openssl Openssl 1.0.0j

1 Article

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook