OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 44.25%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory alloc...

  • EPSS 51.44%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger im...

  • EPSS 23.29%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attacker...

  • EPSS 13.36%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwr...

  • EPSS 16.95%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via ...

  • EPSS 13.33%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup...

  • EPSS 74.08%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2)...

  • EPSS 20%
  • Veröffentlicht 13.08.2014 23:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite ...

Exploit
  • EPSS 95.33%
  • Veröffentlicht 05.06.2014 21:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...

  • EPSS 85.78%
  • Veröffentlicht 05.06.2014 21:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen...