- EPSS 18.24%
- Veröffentlicht 19.05.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:09
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS...
- EPSS 2.59%
- Veröffentlicht 27.03.2009 16:30:02
- Zuletzt bearbeitet 16.06.2026 23:05:49
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the...
CVE-2009-0591
- EPSS 2.74%
- Veröffentlicht 27.03.2009 16:30:01
- Zuletzt bearbeitet 16.06.2026 23:05:22
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid bu...
- EPSS 6.19%
- Veröffentlicht 27.03.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:22
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid ...
CVE-2009-0653
- EPSS 1.15%
- Veröffentlicht 20.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:30
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
CVE-2008-5077
- EPSS 5.15%
- Veröffentlicht 07.01.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:12
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
- EPSS 5.29%
- Veröffentlicht 10.07.2008 17:41:00
- Zuletzt bearbeitet 16.06.2026 22:52:14
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client hand...
CVE-2008-0891
- EPSS 4.56%
- Veröffentlicht 29.05.2008 16:32:00
- Zuletzt bearbeitet 16.06.2026 22:50:33
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from ...
CVE-2008-1672
- EPSS 5%
- Veröffentlicht 29.05.2008 16:32:00
- Zuletzt bearbeitet 16.06.2026 22:52:13
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
CVE-2008-0166
- EPSS 70.72%
- Veröffentlicht 13.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:03
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp...