CVE-2007-4995
- EPSS 11.16%
- Veröffentlicht 13.10.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:14
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-5135
- EPSS 16.06%
- Veröffentlicht 27.09.2007 20:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:30
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa...
CVE-2007-3108
- EPSS 0.41%
- Veröffentlicht 08.08.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:41:05
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
CVE-2006-2937
- EPSS 10.63%
- Veröffentlicht 28.09.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:26:04
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
CVE-2006-2940
- EPSS 4.9%
- Veröffentlicht 28.09.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:26:05
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha...
- EPSS 48.58%
- Veröffentlicht 28.09.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:27:41
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVE-2006-4343
- EPSS 17.42%
- Veröffentlicht 28.09.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:28:54
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer...
CVE-2006-4339
- EPSS 4.89%
- Veröffentlicht 05.09.2006 17:04:00
- Zuletzt bearbeitet 16.06.2026 22:28:53
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key...
- EPSS 4.87%
- Veröffentlicht 18.10.2005 21:02:00
- Zuletzt bearbeitet 16.06.2026 22:15:59
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow...
CVE-2005-2946
- EPSS 0.84%
- Veröffentlicht 16.09.2005 22:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:57
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur...