FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567244
Date:      2021-03-03
Time:      18:18:08Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1d56cfc5-3970-11eb-929d-d4c9ef517024	OpenSSL -- NULL pointer de-reference The OpenSSL project reports: EDIPARTYNAME NULL pointer de-reference (High) The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. Discovery 2020-12-08 Entry 2020-12-08 Modified 2020-12-15 openssl ge 1.0.2,1 lt 1.1.1i,1 FreeBSD ge 12.2 lt 12.2_2 ge 12.1 lt 12.1_12 ge 11.4 lt 11.4_6 https://www.openssl.org/news/secadv/20201208.txt CVE-2020-1971 SA-20:33.openssl
012809ce-83f3-11ea-92ab-00163e433440	OpenSSL remote denial of service vulnerability Problem Description: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognized signature algorithm is received from the peer. Impact: A malicious peer could exploit the NULL pointer dereference crash, causing a denial of service attack. Discovery 2020-04-21 Entry 2020-04-21 Modified 2020-04-22 FreeBSD ge 12.1 lt 12.1_4 openssl ge 1.1.1,1 lt 1.1.1g,1 CVE-2020-1967 SA-20:11.openssl https://www.openssl.org/news/secadv/20200421.txt

VuXML ID

Description

1d56cfc5-3970-11eb-929d-d4c9ef517024

OpenSSL -- NULL pointer de-reference

The OpenSSL project reports:

EDIPARTYNAME NULL pointer de-reference (High)

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

Discovery 2020-12-08
Entry 2020-12-08
Modified 2020-12-15
openssl

ge 1.0.2,1 lt 1.1.1i,1

FreeBSD

ge 12.2 lt 12.2_2

ge 12.1 lt 12.1_12

ge 11.4 lt 11.4_6

https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-1971
SA-20:33.openssl

012809ce-83f3-11ea-92ab-00163e433440

OpenSSL remote denial of service vulnerability

Problem Description:

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognized signature algorithm is received from the peer.

Impact:

A malicious peer could exploit the NULL pointer dereference crash, causing a denial of service attack.

Discovery 2020-04-21
Entry 2020-04-21
Modified 2020-04-22
FreeBSD

ge 12.1 lt 12.1_4

openssl

ge 1.1.1,1 lt 1.1.1g,1

CVE-2020-1967
SA-20:11.openssl
https://www.openssl.org/news/secadv/20200421.txt