OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.74%
  • Veröffentlicht 26.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:42

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

  • EPSS 0.42%
  • Veröffentlicht 09.02.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:46

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • EPSS 9.54%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:53

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • EPSS 7.23%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:53

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • EPSS 10.42%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:57

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

  • EPSS 5.41%
  • Veröffentlicht 01.12.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:03:04

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

  • EPSS 2.73%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:34

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as d...

  • EPSS 24.65%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:24

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

  • EPSS 6.17%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:24

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh...

  • EPSS 85.45%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:24

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.