FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b7cff5a9-31cc-11e8-8f07-b499baebfeafOpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

    Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
  • rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).

Discovery 2018-03-27
Entry 2018-03-27
openssl
< 1.0.2o,1

openssl-devel
< 1.1.0h

https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0739
CVE-2017-3738