OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 6.39%
  • Veröffentlicht 31.03.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:38

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the us...

  • EPSS 6.28%
  • Veröffentlicht 24.03.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:36

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKC...

  • EPSS 13.72%
  • Veröffentlicht 03.03.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:28

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cry...

  • EPSS 8.17%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:52

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

  • EPSS 89.82%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:52

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

  • EPSS 9.23%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:52

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

  • EPSS 36.04%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:53

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

  • EPSS 4.99%
  • Veröffentlicht 10.07.2001 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:55:39

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numb...

  • EPSS 1.44%
  • Veröffentlicht 12.06.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:56

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

  • EPSS 3.23%
  • Veröffentlicht 22.03.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:48:22

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.