OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 32.41%
  • Veröffentlicht 03.03.2016 20:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have uns...

  • EPSS 24.41%
  • Veröffentlicht 03.03.2016 20:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related...

  • EPSS 27.02%
  • Veröffentlicht 03.03.2016 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit stri...

  • EPSS 1.91%
  • Veröffentlicht 03.03.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discov...

Medienbericht
  • EPSS 26.34%
  • Veröffentlicht 03.03.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp...

  • EPSS 6.9%
  • Veröffentlicht 02.03.2016 11:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during us...

  • EPSS 5.4%
  • Veröffentlicht 02.03.2016 11:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary ciphe...

  • EPSS 82.11%
  • Veröffentlicht 01.03.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote...

  • EPSS 83.65%
  • Veröffentlicht 15.02.2016 02:59:18
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent...

  • EPSS 10.73%
  • Veröffentlicht 15.02.2016 02:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 tra...