VuXML ID | Description |
9d15355b-ce7c-11e4-9db0-d050992ecde8 | OpenSSL -- multiple vulnerabilities
OpenSSL project reports:
- Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204). OpenSSL only.
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
- ASN.1 structure reuse memory corruption (CVE-2015-0287)
- PKCS#7 NULL pointer dereferences (CVE-2015-0289)
- Base64 decode (CVE-2015-0292). OpenSSL only.
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293). OpenSSL only.
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Discovery 2015-03-19, Entry 2015-03-19, Modified 2016-08-09
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_19
- mingw32-openssl: ge 1.0.1 lt 1.0.1m
- linux-c6-openssl: < 1.0.1e_4
- libressl: le 2.1.5_1
- FreeBSD: ge 10.1 lt 10.1_8; ge 9.3 lt 9.3_12; ge 8.4 lt 8.4_26
References: SA-15:06.openssl; ports/198681; CVE-2015-0204; CVE-2015-0286; CVE-2015-0287; CVE-2015-0289; CVE-2015-0292; CVE-2015-0293; CVE-2015-0209; CVE-2015-0288; https://www.openssl.org/news/secadv_20150319.txt
|
5631ae98-be9e-11e3-b5e3-c80aa9043978 | OpenSSL -- Remote Information Disclosure
OpenSSL Reports:
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
The bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software.
This compromises the secret keys used to identify the service
providers and to encrypt the traffic, the names and passwords of the
users and the actual content. This allows attackers to eavesdrop
communications, steal data directly from the services and users and
to impersonate services and users.
The code used to handle the Heartbeat Extension does not do
sufficient boundary checks on record length, which allows reading
beyond the actual payload.
Discovery 2014-04-07, Entry 2014-04-07, Modified 2014-04-11
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_10
- mingw32-openssl: ge 1.0.1 lt 1.0.1g
- FreeBSD: ge 10.0 lt 10.0_1
References: CVE-2014-0160; SA-14:06.openssl; https://www.openssl.org/news/secadv_20140407.txt; https://www.openssl.org/news/vulnerabilities.html#2014-0076; http://www.heartbleed.com
|
7ccd4def-c1be-11e3-9d09-000c2980a9f3 | OpenSSL -- Local Information Disclosure
OpenSSL reports:
A flaw in the implementation of Montgomery Ladder Approach would
create a side-channel that leaks sensitive timing information.
A local attacker might be able to snoop a signing process and
might recover the signing key from it.
Discovery 2014-04-07, Entry 2014-04-11
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_10
- mingw32-openssl: ge 1.0.1 lt 1.0.1g
- FreeBSD: ge 8.3 lt 8.3_15; ge 8.4 lt 8.4_8; ge 9.1 lt 9.1_11; ge 9.2 lt 9.2_4; ge 10.0 lt 10.0_1
References: CVE-2014-0076; SA-14:06.openssl; https://www.openssl.org/news/vulnerabilities.html#2014-0076
|
0b8d7194-ca88-11e3-9d8d-c80aa9043978 | OpenSSL -- Remote Data Injection / DoS
Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are
prone to a race condition which may allow a remote attacker to
inject random data into other connections.
Discovery 2010-02-09, Entry 2014-04-23, Modified 2016-08-09
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_11
- mingw32-openssl: ge 1.0.1 le 1.0.1g
- FreeBSD: ge 10.0 lt 10.0_2
References: https://rt.openssl.org/Ticket/Display.html?id=2167; http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse; SA-14:09.openssl; CVE-2010-5298
|
5ac53801-ec2e-11e3-9cf3-3c970e169bc2 | OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports:
An attacker using a carefully crafted handshake can force
the use of weak keying material in OpenSSL SSL/TLS clients
and servers. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can decrypt and modify
traffic from the attacked client and server. [CVE-2014-0224]
By sending an invalid DTLS handshake to an OpenSSL DTLS
client the code can be made to recurse eventually crashing
in a DoS attack. [CVE-2014-0221]
A buffer overrun attack can be triggered by sending invalid
DTLS fragments to an OpenSSL DTLS client or server. This is
potentially exploitable to run arbitrary code on a vulnerable
client or server. [CVE-2014-0195]
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
subject to a denial of service attack. [CVE-2014-3470]
Discovery 2014-06-05, Entry 2014-06-05
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_13
- mingw32-openssl: ge 1.0.1 lt 1.0.1h
- FreeBSD: ge 8.0 lt 8.4_12; ge 9.1 lt 9.1_15; ge 9.2 lt 9.2_8; ge 10.0 lt 10.0_5
References: CVE-2014-0195; CVE-2014-0221; CVE-2014-0224; CVE-2014-3470; SA-14:14.openssl; http://www.openssl.org/news/secadv_20140605.txt
|
8aff07eb-1dbd-11e4-b6ba-3c970e169bc2 | OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports:
A flaw in OBJ_obj2txt may cause pretty printing functions
such as X509_name_oneline, X509_name_print_ex et al. to leak
some information from the stack. [CVE-2014-3508]
The issue affects OpenSSL clients and allows a malicious
server to crash the client with a null pointer dereference
(read) by specifying an SRP ciphersuite even though it was
not properly negotiated with the client. [CVE-2014-5139]
If a multithreaded client connects to a malicious server
using a resumed session and the server sends an ec point
format extension it could write up to 255 bytes to freed
memory. [CVE-2014-3509]
An attacker can force an error condition which causes
openssl to crash whilst processing DTLS packets due to
memory being freed twice. This can be exploited through
a Denial of Service attack. [CVE-2014-3505]
An attacker can force openssl to consume large amounts
of memory whilst processing DTLS handshake messages.
This can be exploited through a Denial of Service
attack. [CVE-2014-3506]
By sending carefully crafted DTLS packets an attacker
could cause openssl to leak memory. This can be exploited
through a Denial of Service attack. [CVE-2014-3507]
OpenSSL DTLS clients enabling anonymous (EC)DH
ciphersuites are subject to a denial of service attack.
A malicious server can crash the client with a null pointer
dereference (read) by specifying an anonymous (EC)DH
ciphersuite and sending carefully crafted handshake
messages. [CVE-2014-3510]
A flaw in the OpenSSL SSL/TLS server code causes the
server to negotiate TLS 1.0 instead of higher protocol
versions when the ClientHello message is badly
fragmented. This allows a man-in-the-middle attacker
to force a downgrade to TLS 1.0 even if both the server
and the client support a higher protocol version, by
modifying the client's TLS records. [CVE-2014-3511]
A malicious client or server can send invalid SRP
parameters and overrun an internal buffer. Only
applications which are explicitly set up for SRP
use are affected. [CVE-2014-3512]
Discovery 2014-08-06, Entry 2014-08-06, Modified 2016-08-09
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_14
- mingw32-openssl: ge 1.0.1 lt 1.0.1i
- FreeBSD: ge 8.4 lt 8.4_15; ge 9.1 lt 9.1_18; ge 9.2 lt 9.2_11; ge 9.3 lt 9.3_1; ge 10.0 lt 10.0_8
References: https://www.openssl.org/news/secadv_20140806.txt; SA-14:18.openssl; CVE-2014-3505; CVE-2014-3506; CVE-2014-3507; CVE-2014-3508; CVE-2014-3509; CVE-2014-3510; CVE-2014-3511; CVE-2014-3512; CVE-2014-5139
|
03175e62-5494-11e4-9cc1-bc5ff4fb5e7b | OpenSSL -- multiple vulnerabilities
The OpenSSL Project reports:
A flaw in the DTLS SRTP extension parsing code allows an
attacker, who sends a carefully crafted handshake message,
to cause OpenSSL to fail to free up to 64k of memory causing
a memory leak. This could be exploited in a Denial Of Service
attack. This issue affects OpenSSL 1.0.1 server implementations
for both SSL/TLS and DTLS regardless of whether SRTP is used
or configured. Implementations of OpenSSL that have been
compiled with OPENSSL_NO_SRTP defined are not affected.
[CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session
ticket the integrity of that ticket is first verified.
In the event of a session ticket integrity check failing,
OpenSSL will fail to free memory causing a memory leak.
By sending a large number of invalid session tickets an
attacker could exploit this issue in a Denial Of Service
attack. [CVE-2014-3567].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow
applications to block the ability for a MITM attacker to
force a protocol downgrade.
Some client applications (such as browsers) will reconnect
using a downgraded protocol to work around interoperability
bugs in older servers. This could be exploited by an active
man-in-the-middle to downgrade connections to SSL 3.0 even
if both sides of the connection support higher protocols.
SSL 3.0 contains a number of weaknesses including POODLE
[CVE-2014-3566].
When OpenSSL is configured with "no-ssl3" as a build option,
servers could accept and complete a SSL 3.0 handshake, and
clients could be configured to send them. [CVE-2014-3568].
Discovery 2014-10-15, Entry 2014-10-15, Modified 2016-08-09
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_16
- mingw32-openssl: ge 1.0.1 lt 1.0.1j
- linux-c6-openssl: < 1.0.1e_1
- FreeBSD: ge 8.4 lt 8.4_17; ge 9.1 lt 9.1_20; ge 9.2 lt 9.2_13; ge 9.3 lt 9.3_3; ge 10.0 lt 10.0_10
References: SA-14:23.openssl; CVE-2014-3513; CVE-2014-3566; CVE-2014-3567; CVE-2014-3568; https://www.openssl.org/news/secadv_20141015.txt
|
4e536c14-9791-11e4-977d-d050992ecde8 | OpenSSL -- multiple vulnerabilities
OpenSSL project reports:
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)
Bignum squaring may produce incorrect results (CVE-2014-3570)
Discovery 2015-01-08, Entry 2015-01-08, Modified 2016-08-09
Affected packages:
- openssl: ge 1.0.1 lt 1.0.1_17
- mingw32-openssl: ge 1.0.1 lt 1.0.1k
- linux-c6-openssl: < 1.0.1e_3
- FreeBSD: ge 10.1 lt 10.1_4; ge 10.0 lt 10.0_16; ge 9.3 lt 9.3_8; ge 8.4 lt 8.4_22
References: SA-15:01.openssl; CVE-2014-3569; CVE-2014-3570; CVE-2014-3571; CVE-2014-3572; CVE-2014-8275; CVE-2015-0204; CVE-2015-0205; CVE-2015-0206; https://www.openssl.org/news/secadv_20150108.txt
|
3679fd10-c5d1-11e5-b85f-0018fe623f2b | openssl -- multiple vulnerabilities
OpenSSL project reports:
- Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC 5114
support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that are
not "safe" then an attacker could use this fact to find a peer's private
DH exponent. This attack requires that the attacker complete multiple
handshakes in which the peer uses the same private DH exponent. For example
this could be used to discover a TLS server's private DH exponent if it's
reusing the private DH exponent or it's using a static DH ciphersuite.
OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
TLS. It is not on by default. If the option is not set then the server
reuses the same private DH exponent for the life of the server process and
would be vulnerable to this attack. It is believed that many popular
applications do set this option and would therefore not be at risk.
(CVE-2016-0701)
- A malicious client can negotiate SSLv2 ciphers that have been disabled on
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
been disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.
(CVE-2015-3197)
Discovery 2016-01-22, Entry 2016-01-28, Modified 2016-08-09
Affected packages:
- openssl: < 1.0.2_7
- mingw32-openssl: ge 1.0.1 lt 1.0.2f
- FreeBSD: ge 10.2 lt 10.2_12; ge 10.1 lt 10.1_29; ge 9.3 lt 9.3_36
References: SA-16:11.openssl; CVE-2016-0701; CVE-2015-3197; https://www.openssl.org/news/secadv/20160128.txt
|
4c8d1d72-9b38-11e5-aece-d050996490d0 | openssl -- multiple vulnerabilities
OpenSSL project reports:
- BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
- Certificate verify crash with missing PSS parameter (CVE-2015-3194)
- X509_ATTRIBUTE memory leak (CVE-2015-3195)
- Race condition handling PSK identify hint (CVE-2015-3196)
- Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
Discovery 2015-12-03, Entry 2015-12-05, Modified 2016-08-09
Affected packages:
- openssl: < 1.0.2_5
- mingw32-openssl: ge 1.0.1 lt 1.0.2e
- linux-c6-openssl: < 1.0.1e_7
- FreeBSD: ge 10.2 lt 10.2_8; ge 10.1 lt 10.1_25; ge 9.3 lt 9.3_31
References: SA-15:26.openssl; CVE-2015-1794; CVE-2015-3193; CVE-2015-3194; CVE-2015-3195; CVE-2015-3196; https://www.openssl.org/news/secadv/20151203.txt
|
8305e215-1080-11e5-8ba2-000c2980a9f3 | openssl -- multiple vulnerabilities
The OpenSSL team reports:
- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)
- Malformed ECParameters causes infinite loop (CVE-2015-1788)
- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)
- CMS verify infinite loop with unknown hash function (CVE-2015-1792)
- Race condition handling NewSessionTicket (CVE-2015-1791)
- Invalid free in DTLS (CVE-2014-8176)
Discovery 2015-06-11, Entry 2015-06-11, Modified 2016-08-09
Affected packages:
- openssl: < 1.0.2_2
- mingw32-openssl: ge 1.0.1 lt 1.0.2b
- linux-c6-openssl: < 1.0.1e_6
- libressl: < 2.1.7
- FreeBSD: ge 10.1 lt 10.1_12; ge 9.3 lt 9.3_16; ge 8.4 lt 8.4_30
References: CVE-2014-8176; CVE-2015-1788; CVE-2015-1789; CVE-2015-1790; CVE-2015-1791; CVE-2015-1792; CVE-2015-4000; SA-15:10.openssl; https://www.openssl.org/news/secadv_20150611.txt
|