Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL prior to 0.9.8zc, 1.0.0 prior to 1.0.0o, and 1.0.1 prior to 1.0.1j allows remote malicious users to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Vulnerable Product |
---|
openssl openssl 1.0.0n |
openssl openssl 1.0.1 |
openssl openssl 1.0.0c |
openssl openssl 1.0.0i |
openssl openssl 1.0.0 |
openssl openssl 1.0.1h |
openssl openssl 1.0.0m |
openssl openssl 1.0.1c |
openssl openssl 1.0.1g |
openssl openssl 1.0.0h |
openssl openssl 1.0.0e |
openssl openssl 1.0.0f |
openssl openssl 1.0.0d |
openssl openssl 1.0.0j |
openssl openssl 1.0.1a |
openssl openssl 1.0.1d |
openssl openssl 1.0.0k |
openssl openssl |
openssl openssl 1.0.1b |
openssl openssl 1.0.1e |
openssl openssl 1.0.1f |
openssl openssl 1.0.0l |
openssl openssl 1.0.0a |
openssl openssl 1.0.1i |
openssl openssl 1.0.0b |
openssl openssl 1.0.0g |

Four new patches for open-source crypto libraries
If you're using the popular OpenSSL open source cryptography library, you have more to worry about than the recently disclosed POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, project devs have warned. In addition to patching two POODLE-related bugs, new releases of OpenSSL issued on Wednesday also close a pair of memory leaks that can allow attackers to launch denial-of-service attacks against OpenSSL-enabled servers. The most serious of these is a bug in OpenSSL's ...