FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
88dfd92f-3b9c-11eb-929d-d4c9ef517024LibreSSL -- NULL pointer dereference

The LibreSSL project reports:

Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference.


Discovery 2020-12-08
Entry 2020-12-11
Modified 2020-12-12
libressl
gt 3.2.0 lt 3.2.3

< 3.1.5

libressl-devel
< 3.3.1

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt
eeca52dc-866c-11eb-b8d6-d4c9ef517024LibreSSL -- use-after-free

OpenBSD reports:

A TLS client using session resumption may cause a use-after-free.


Discovery 2021-03-15
Entry 2021-03-16
libressl
< 3.2.4_1

https://marc.info/?l=openbsd-announce&m=161582456312832&w=2
https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig
c82ecac5-6e3f-11e8-8777-b499baebfeafOpenSSL -- Client DoS due to large DH parameter

The OpenSSL project reports:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.


Discovery 2018-06-12
Entry 2018-06-12
Modified 2018-07-24
libressl
libressl-devel
< 2.6.5

ge 2.7.0 lt 2.7.4

openssl
< 1.0.2o_4,1

openssl-devel
< 1.1.0h_2

https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0732