VuXML ID | Description |
238ae7de-dba2-11e8-b713-b499baebfeaf | OpenSSL -- Multiple vulnerabilities in 1.1 branch
The OpenSSL project reports:
Timing vulnerability in ECDSA signature generation
(CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been
shown to be vulnerable to a timing side channel attack. An
attacker could use variations in the signing algorithm to
recover the private key (Low).
Timing vulnerability in DSA signature generation (CVE-2018-0734):
Avoid a timing attack that leaks information via a side channel
that triggers when a BN is resized. Increasing the size of the
BNs prior to doing anything with them suppresses the attack (Low).
Discovery 2018-10-29 Entry 2018-10-29 Modified 2018-11-10 openssl-devel
< 1.1.0i_1
openssl111
< 1.1.1_2
libressl
ge 2.8.0 lt 2.8.3
libressl-devel
ge 2.8.0 lt 2.8.3
https://www.openssl.org/news/secadv/20181029.txt
https://github.com/openssl/openssl/commit/8abfe72e
CVE-2018-0735
CVE-2018-0734
|
96a21236-707b-11eb-96d8-d4c9ef517024 | OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports:
Null pointer deref in X509_issuer_and_serial_hash()
CVE-2021-23841 (Moderate) The OpenSSL public API function
X509_issuer_and_serial_hash() attempts to create a unique hash
value based on the issuer and serial number data contained within
an X509 certificate. However it fails to correctly handle any errors
that may occur while parsing the issuer field (which might occur if
the issuer field is maliciously constructed). This may subsequently
result in a NULL pointer deref and a crash leading to a potential
denial of service attack.
Integer overflow in CipherUpdate CVE-2021-23840 (Low)
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
may overflow the output length argument in some cases where the
input length is close to the maximum permissable length for an
integer on the platform. In such cases the return value from the
function call will be 1 (indicating success), but the output length
value will be negative. This could cause applications to behave
incorrectly or crash.
Discovery 2021-02-16 Entry 2021-02-16 Modified 2021-08-25 openssl
< 1.1.1j,1
openssl-devel
< 3.0.0.a12
FreeBSD
ge 12.2 lt 12.2_10
ge 11.4 lt 11.4_13
https://www.openssl.org/news/secadv/20210216.txt
CVE-2021-23841
CVE-2021-23840
CVE-2021-23839
SA-21:17.openssl
|
96811d4a-04ec-11ec-9b84-d4c9ef517024 | OpenSSL -- multiple vulnerabilities
The OpenSSL project reports:
SM2 Decryption Buffer Overflow (CVE-2021-3711: High)
Read buffer overruns processing ASN.1 strings (CVE-2021-3712:
Moderate)
Discovery 2021-08-24 Entry 2021-08-24 Modified 2021-08-25 openssl
< 1.1.1l,1
openssl-devel
< 3.0.0.b3
FreeBSD
ge 13.0 lt 13.0_4
ge 12.2 lt 12.2_10
CVE-2021-3711
CVE-2021-3712
https://www.openssl.org/news/secadv/20210824.txt
SA-21:16.openssl
|
0132ca5b-5d11-11ec-8be6-d4c9ef517024 | OpenSSL -- Certificate validation issue
The OpenSSL project reports:
Invalid handling of X509_verify_cert() internal errors in libssl
(Moderate)
Internally libssl in OpenSSL calls X509_verify_cert() on the client
side to verify a certificate supplied by a server. That function may
return a negative return value to indicate an internal error (for
example out of memory). Such a negative return value is mishandled by
OpenSSL and will cause an IO function (such as SSL_connect() or
SSL_do_handshake()) to not indicate success and a subsequent call to
SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY.
This return value is only supposed to be returned by OpenSSL if the
application has previously called SSL_CTX_set_cert_verify_callback().
Since most applications do not do this the
SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be
totally unexpected and applications may not behave correctly as a
result. The exact behaviour will depend on the application but it
could result in crashes, infinite loops or other similar incorrect
responses.
Discovery 2021-12-14 Entry 2021-12-14 openssl-devel
< 3.0.1
CVE-2021-4044
https://www.openssl.org/news/secadv/20211214.txt
|