OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 21.68%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to ...

  • EPSS 32.39%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Exploit
  • EPSS 55.29%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial o...

  • EPSS 57.6%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can ...

  • EPSS 15.93%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...

  • EPSS 12.87%
  • Veröffentlicht 04.05.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers ...

  • EPSS 30.22%
  • Veröffentlicht 26.09.2016 19:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

  • EPSS 70.22%
  • Veröffentlicht 26.09.2016 19:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

  • EPSS 14.07%
  • Veröffentlicht 26.09.2016 19:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

  • EPSS 13.84%
  • Veröffentlicht 26.09.2016 19:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem...