OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 16.53%
  • Veröffentlicht 09.01.2015 02:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted...

  • EPSS 6.57%
  • Veröffentlicht 09.01.2015 02:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerK...

  • EPSS 22.96%
  • Veröffentlicht 09.01.2015 02:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation fo...

  • EPSS 21.32%
  • Veröffentlicht 09.01.2015 02:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms ...

  • EPSS 20.65%
  • Veröffentlicht 24.12.2014 11:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon c...

  • EPSS 37.07%
  • Veröffentlicht 19.10.2014 01:55:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

  • EPSS 23.6%
  • Veröffentlicht 19.10.2014 01:55:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an...

  • EPSS 13.98%
  • Veröffentlicht 19.10.2014 01:55:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr...

  • EPSS 100%
  • Veröffentlicht 15.10.2014 00:55:02
  • Zuletzt bearbeitet 28.05.2026 18:16:23

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • EPSS 43.34%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that tri...