openssl openssl 0.9.8s vulnerabilities and exploits

(subscribe to this query)

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote malicious users to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

Openssl Openssl 0.9.8s Openssl Openssl 1.0.0f

OpenSSL prior to 0.9.8l, and 0.9.8m up to and including 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote malicious users to cause a denial of service (CPU consumption) by performing many renegot...

Openssl Openssl 0.9.8m Openssl Openssl 0.9.8n Openssl Openssl 0.9.8o Openssl Openssl 0.9.8p Openssl Openssl 0.9.8r Openssl Openssl 0.9.8s Openssl Openssl 0.9.8t Openssl Openssl 0.9.8u Openssl Openssl 0.9.8v Openssl Openssl 0.9.8w Openssl Openssl 0.9.8x Openssl Openssl

5 Github repositories

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 up to and including 0.9.8r and 1.0.x prior to 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote malicious users to cause a denial of service (daemon crash) v...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote malicious users to cause a denial of service (application crash) via crafted DTLS packets that trigger an error cond...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote malicious users to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations correspondi...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote malicious users to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

1 Github repository

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent malicious users to obt...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

1 Github repository

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake mess...

Openssl Openssl 0.9.8 Openssl Openssl 0.9.8a Openssl Openssl 0.9.8b Openssl Openssl 0.9.8c Openssl Openssl 0.9.8d Openssl Openssl 0.9.8e Openssl Openssl 0.9.8f Openssl Openssl 0.9.8g Openssl Openssl 0.9.8h Openssl Openssl 0.9.8i Openssl Openssl 0.9.8j Openssl Openssl 0.9.8k

1 Github repository

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and previous versions allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

The GOST ENGINE in OpenSSL prior to 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote malicious users to cause a denial of service (daemon crash) via crafted data from a TLS client.

Openssl Openssl Openssl Openssl 0.9.1c Openssl Openssl 0.9.2b Openssl Openssl 0.9.3 Openssl Openssl 0.9.3a Openssl Openssl 0.9.4 Openssl Openssl 0.9.5 Openssl Openssl 0.9.5a Openssl Openssl 0.9.6 Openssl Openssl 0.9.6a Openssl Openssl 0.9.6b Openssl Openssl 0.9.6c

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook