- EPSS 39.59%
- Veröffentlicht 08.02.2013 19:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
- EPSS 19.65%
- Veröffentlicht 08.02.2013 19:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi...
- EPSS 2.09%
- Veröffentlicht 20.06.2012 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:56
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traf...
- EPSS 67.7%
- Veröffentlicht 16.06.2012 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:29:24
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing ma...
CVE-2012-2333
- EPSS 28.15%
- Veröffentlicht 14.05.2012 22:55:03
- Zuletzt bearbeitet 16.06.2026 23:41:22
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified...
CVE-2012-2131
- EPSS 17%
- Veröffentlicht 24.04.2012 20:55:02
- Zuletzt bearbeitet 16.06.2026 23:41:03
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER dat...
CVE-2012-2110
- EPSS 48.3%
- Veröffentlicht 19.04.2012 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:41:00
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de...
- EPSS 6.84%
- Veröffentlicht 15.03.2012 17:55:00
- Zuletzt bearbeitet 16.06.2026 23:39:10
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulne...
- EPSS 13.08%
- Veröffentlicht 13.03.2012 03:12:26
- Zuletzt bearbeitet 16.06.2026 23:38:27
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Millio...
- EPSS 6.99%
- Veröffentlicht 29.02.2012 11:55:04
- Zuletzt bearbeitet 16.06.2026 22:34:39
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.