OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 11.16%
  • Veröffentlicht 13.10.2007 01:17:00
  • Zuletzt bearbeitet 16.06.2026 22:45:14

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

  • EPSS 16.06%
  • Veröffentlicht 27.09.2007 20:17:00
  • Zuletzt bearbeitet 16.06.2026 22:45:30

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue wa...

  • EPSS 0.41%
  • Veröffentlicht 08.08.2007 01:17:00
  • Zuletzt bearbeitet 16.06.2026 22:41:05

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

  • EPSS 10.63%
  • Veröffentlicht 28.09.2006 18:07:00
  • Zuletzt bearbeitet 16.06.2026 22:26:04

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

  • EPSS 4.9%
  • Veröffentlicht 28.09.2006 18:07:00
  • Zuletzt bearbeitet 16.06.2026 22:26:05

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha...

  • EPSS 48.58%
  • Veröffentlicht 28.09.2006 18:07:00
  • Zuletzt bearbeitet 16.06.2026 22:27:41

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

  • EPSS 17.42%
  • Veröffentlicht 28.09.2006 18:07:00
  • Zuletzt bearbeitet 16.06.2026 22:28:54

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer...

  • EPSS 4.89%
  • Veröffentlicht 05.09.2006 17:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:53

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key...

  • EPSS 4.87%
  • Veröffentlicht 18.10.2005 21:02:00
  • Zuletzt bearbeitet 16.06.2026 22:15:59

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow...

  • EPSS 0.84%
  • Veröffentlicht 16.09.2005 22:03:00
  • Zuletzt bearbeitet 16.06.2026 22:15:57

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur...