CVE-2016-7053
- EPSS 21.68%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to ...
CVE-2016-7054
- EPSS 32.39%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
CVE-2017-3730
- EPSS 55.29%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial o...
CVE-2017-3731
- EPSS 57.6%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can ...
CVE-2017-3732
- EPSS 15.93%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
CVE-2017-3733
- EPSS 12.87%
- Veröffentlicht 04.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers ...
CVE-2016-7052
- EPSS 30.22%
- Veröffentlicht 26.09.2016 19:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
- EPSS 70.22%
- Veröffentlicht 26.09.2016 19:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
CVE-2016-6308
- EPSS 14.07%
- Veröffentlicht 26.09.2016 19:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
CVE-2016-6307
- EPSS 13.84%
- Veröffentlicht 26.09.2016 19:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem...