OpenSSL

OpenSSL

274 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-4343

  • EPSS 6.93%
  • Veröffentlicht 28.09.2006 18:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer...

4.3

CVE-2006-4339

  • EPSS 8.53%
  • Veröffentlicht 05.09.2006 17:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key...

5

CVE-2005-2969

  • EPSS 9.39%
  • Veröffentlicht 18.10.2005 21:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow...

7.5

CVE-2005-2946

  • EPSS 0.19%
  • Veröffentlicht 16.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur...

5.1

CVE-2005-1797

  • EPSS 0.32%
  • Veröffentlicht 26.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

2.1

CVE-2004-0975

  • EPSS 0.08%
  • Veröffentlicht 09.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

7.5

CVE-2004-0079

  • EPSS 2.17%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

5

CVE-2004-0081

  • EPSS 2.39%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5

CVE-2004-0112

  • EPSS 0.7%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

5

CVE-2003-0851

  • EPSS 7.2%
  • Veröffentlicht 01.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.