OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 39.59%
  • Veröffentlicht 08.02.2013 19:55:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

  • EPSS 19.65%
  • Veröffentlicht 08.02.2013 19:55:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi...

  • EPSS 2.09%
  • Veröffentlicht 20.06.2012 17:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:56

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traf...

  • EPSS 67.7%
  • Veröffentlicht 16.06.2012 21:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:24

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing ma...

  • EPSS 28.15%
  • Veröffentlicht 14.05.2012 22:55:03
  • Zuletzt bearbeitet 16.06.2026 23:41:22

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified...

  • EPSS 17%
  • Veröffentlicht 24.04.2012 20:55:02
  • Zuletzt bearbeitet 16.06.2026 23:41:03

Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER dat...

Exploit
  • EPSS 48.3%
  • Veröffentlicht 19.04.2012 17:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:00

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de...

  • EPSS 6.84%
  • Veröffentlicht 15.03.2012 17:55:00
  • Zuletzt bearbeitet 16.06.2026 23:39:10

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulne...

  • EPSS 13.08%
  • Veröffentlicht 13.03.2012 03:12:26
  • Zuletzt bearbeitet 16.06.2026 23:38:27

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Millio...

  • EPSS 6.99%
  • Veröffentlicht 29.02.2012 11:55:04
  • Zuletzt bearbeitet 16.06.2026 22:34:39

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.