OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.43%
  • Veröffentlicht 31.05.2011 20:55:05
  • Zuletzt bearbeitet 16.06.2026 23:30:26

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it...

  • EPSS 9.85%
  • Veröffentlicht 19.02.2011 01:00:01
  • Zuletzt bearbeitet 16.06.2026 23:26:37

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake mes...

  • EPSS 3.43%
  • Veröffentlicht 06.12.2010 22:30:31
  • Zuletzt bearbeitet 16.06.2026 23:03:57

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing ...

Exploit
  • EPSS 8.08%
  • Veröffentlicht 06.12.2010 21:05:49
  • Zuletzt bearbeitet 16.06.2026 23:24:26

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending cra...

  • EPSS 9.5%
  • Veröffentlicht 06.12.2010 21:05:48
  • Zuletzt bearbeitet 16.06.2026 23:24:18

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte...

  • EPSS 22.15%
  • Veröffentlicht 17.11.2010 16:00:01
  • Zuletzt bearbeitet 16.06.2026 23:23:42

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers ...

  • EPSS 9.98%
  • Veröffentlicht 17.08.2010 20:00:03
  • Zuletzt bearbeitet 16.06.2026 23:21:47

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (cras...

  • EPSS 7.83%
  • Veröffentlicht 03.06.2010 14:30:01
  • Zuletzt bearbeitet 16.06.2026 23:16:45

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid ...

  • EPSS 2.39%
  • Veröffentlicht 03.06.2010 14:30:01
  • Zuletzt bearbeitet 16.06.2026 23:18:45

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass int...

  • EPSS 20.35%
  • Veröffentlicht 26.03.2010 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:16:45

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi...