OpenSSL

274 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 13.86%
  • Published 26.09.2016 19:59:07
  • Last modified 12.04.2025 10:46:40

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

  • EPSS 28.21%
  • Published 26.09.2016 19:59:06
  • Last modified 12.04.2025 10:46:40

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

  • EPSS 24.25%
  • Published 26.09.2016 19:59:05
  • Last modified 12.04.2025 10:46:40

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

  • EPSS 20.87%
  • Published 26.09.2016 19:59:04
  • Last modified 12.04.2025 10:46:40

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem...

  • EPSS 9.14%
  • Published 26.09.2016 19:59:02
  • Last modified 12.04.2025 10:46:40

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Exploit
  • EPSS 32.75%
  • Published 26.09.2016 19:59:01
  • Last modified 12.04.2025 10:46:40

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

  • EPSS 23.43%
  • Published 26.09.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

  • EPSS 34.86%
  • Published 16.09.2016 05:59:13
  • Last modified 12.04.2025 10:46:40

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect...

  • EPSS 15.09%
  • Published 16.09.2016 05:59:12
  • Last modified 12.04.2025 10:46:40

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

  • EPSS 32.52%
  • Published 16.09.2016 05:59:02
  • Last modified 12.04.2025 10:46:40

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot...