openssl/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

openssl/openssl Vulnerability Summary

• Vendor name: openssl
• Product name: openssl
• Total vulnerabilities: 213 (as 2023-05-04)

openssl/openssl Vulnerability List

CVE-2021-4160: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms…

Published: 2022-01-28T22:15:00 Last Modified: 2022-02-07T15:24:00

Summary

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4160 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
• https://www.openssl.org/news/secadv/20220128.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-4044: Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate…

Published: 2021-12-14T19:15:00 Last Modified: 2022-02-10T15:12:00

Summary

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)

CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-4044 vulnerability.

References

• https://www.openssl.org/news/secadv/20211214.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256
• https://security.netapp.com/advisory/ntap-20211229-0003/

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-3712: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which…

Published: 2021-08-24T15:15:00 Last Modified: 2022-02-08T13:15:00

Summary

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL’s own “d2i” functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the “data” field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 4.9
• Exploitability Score: 8.6
• CVSS: 5.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3712 vulnerability.

References

• https://www.openssl.org/news/secadv/20210824.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
• https://www.debian.org/security/2021/dsa-4963
• https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
• http://www.openwall.com/lists/oss-security/2021/08/26/2
• https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
• https://security.netapp.com/advisory/ntap-20210827-0010/
• https://www.tenable.com/security/tns-2021-16
• https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
• https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10366
• https://www.tenable.com/security/tns-2022-02
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-3711: In order to decrypt SM2 encrypted data an application is expected to call the API function…

Published: 2021-08-24T15:15:00 Last Modified: 2022-02-07T16:16:00

Summary

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the “out” parameter can be NULL and, on exit, the “outlen” parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the “out” parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)

CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3711 vulnerability.

References

• https://www.openssl.org/news/secadv/20210824.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
• https://www.debian.org/security/2021/dsa-4963
• https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
• http://www.openwall.com/lists/oss-security/2021/08/26/2
• https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
• https://security.netapp.com/advisory/ntap-20210827-0010/
• https://www.tenable.com/security/tns-2021-16
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://security.netapp.com/advisory/ntap-20211022-0003/
• https://www.tenable.com/security/tns-2022-02
• https://www.oracle.com/security-alerts/cpujan2022.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message…

Published: 2021-03-25T15:15:00 Last Modified: 2021-10-20T11:17:00

Summary

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3449 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
• https://www.openssl.org/news/secadv/20210325.txt
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
• https://www.debian.org/security/2021/dsa-4875
• https://security.netapp.com/advisory/ntap-20210326-0006/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
• http://www.openwall.com/lists/oss-security/2021/03/27/1
• http://www.openwall.com/lists/oss-security/2021/03/27/2
• http://www.openwall.com/lists/oss-security/2021/03/28/3
• http://www.openwall.com/lists/oss-security/2021/03/28/4
• https://security.gentoo.org/glsa/202103-03
• https://www.tenable.com/security/tns-2021-06
• https://www.tenable.com/security/tns-2021-05
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
• https://kc.mcafee.com/corporate/index?page=content&id=SB10356
• https://www.tenable.com/security/tns-2021-09
• https://security.netapp.com/advisory/ntap-20210513-0002/
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-3450: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present…

Published: 2021-03-25T15:15:00 Last Modified: 2021-10-20T11:17:00

Summary

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a “purpose” has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named “purpose” values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

• Impact Score: 4.9
• Exploitability Score: 8.6
• CVSS: 5.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-3450 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
• https://www.openssl.org/news/secadv/20210325.txt
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
• https://security.netapp.com/advisory/ntap-20210326-0006/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
• http://www.openwall.com/lists/oss-security/2021/03/27/1
• http://www.openwall.com/lists/oss-security/2021/03/27/2
• http://www.openwall.com/lists/oss-security/2021/03/28/3
• http://www.openwall.com/lists/oss-security/2021/03/28/4
• https://security.gentoo.org/glsa/202103-03
• https://www.tenable.com/security/tns-2021-05
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
• https://www.tenable.com/security/tns-2021-08
• https://kc.mcafee.com/corporate/index?page=content&id=SB10356
• https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
• https://www.tenable.com/security/tns-2021-09
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-23839: OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is…

Published: 2021-02-16T17:15:00 Last Modified: 2021-12-10T18:12:00

Summary

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).

Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength

CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-23839 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547
• https://www.openssl.org/news/secadv/20210216.txt
• https://security.netapp.com/advisory/ntap-20210219-0009/
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-23841: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash…

Published: 2021-02-16T17:15:00 Last Modified: 2021-12-10T18:13:00

Summary

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-23841 vulnerability.

References

• https://www.openssl.org/news/secadv/20210216.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
• https://www.debian.org/security/2021/dsa-4855
• https://security.netapp.com/advisory/ntap-20210219-0009/
• https://www.tenable.com/security/tns-2021-03
• https://security.gentoo.org/glsa/202103-03
• https://www.tenable.com/security/tns-2021-09
• https://security.netapp.com/advisory/ntap-20210513-0002/
• https://support.apple.com/kb/HT212529
• https://support.apple.com/kb/HT212528
• https://support.apple.com/kb/HT212534
• http://seclists.org/fulldisclosure/2021/May/68
• http://seclists.org/fulldisclosure/2021/May/67
• http://seclists.org/fulldisclosure/2021/May/70
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2021-23840: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length…

Published: 2021-02-16T17:15:00 Last Modified: 2022-02-07T16:15:00

Summary

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2021-23840 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
• https://www.openssl.org/news/secadv/20210216.txt
• https://www.debian.org/security/2021/dsa-4855
• https://security.netapp.com/advisory/ntap-20210219-0009/
• https://www.tenable.com/security/tns-2021-03
• https://security.gentoo.org/glsa/202103-03
• https://www.tenable.com/security/tns-2021-09
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10366
• https://www.oracle.com/security-alerts/cpujan2022.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2020-1971: The X.509 GeneralName type is a generic type for representing different types of names. One of…

Published: 2020-12-08T16:15:00 Last Modified: 2021-10-20T11:15:00

Summary

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL’s s_server, s_client and verify tools have support for the “-crl_download” option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL’s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1971 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
• https://www.openssl.org/news/secadv/20201208.txt
• https://www.debian.org/security/2020/dsa-4807
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
• https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
• https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
• https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E
• https://security.netapp.com/advisory/ntap-20201218-0005/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
• https://www.tenable.com/security/tns-2020-11
• https://security.gentoo.org/glsa/202012-13
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E
• https://www.tenable.com/security/tns-2021-09
• https://security.netapp.com/advisory/ntap-20210513-0002/
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• http://www.openwall.com/lists/oss-security/2021/09/14/2
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2020-1968: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being…

Published: 2020-09-09T14:15:00 Last Modified: 2021-12-10T18:12:00

Summary

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1968 vulnerability.

References

• https://www.openssl.org/news/secadv/20200909.txt
• https://security.netapp.com/advisory/ntap-20200911-0004/
• https://usn.ubuntu.com/4504-1/
• https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2020-1967: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3…

Published: 2020-04-21T14:15:00 Last Modified: 2021-12-10T17:11:00

Summary

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the “signature_algorithms_cert” TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1967 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1
• https://www.openssl.org/news/secadv/20200421.txt
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc
• https://www.debian.org/security/2020/dsa-4661
• http://www.openwall.com/lists/oss-security/2020/04/22/2
• https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440
• https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E
• https://security.gentoo.org/glsa/202004-10
• https://security.netapp.com/advisory/ntap-20200424-0003/
• https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
• https://www.tenable.com/security/tns-2020-03
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
• https://github.com/irsl/CVE-2020-1967
• http://seclists.org/fulldisclosure/2020/May/5
• http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
• https://www.synology.com/security/advisory/Synology_SA_20_05
• https://www.tenable.com/security/tns-2020-04
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://security.netapp.com/advisory/ntap-20200717-0004/
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.tenable.com/security/tns-2020-11
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1551: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with…

Published: 2019-12-06T18:15:00 Last Modified: 2021-07-21T11:39:00

Summary

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1551 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
• https://www.openssl.org/news/secadv/20191206.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
• https://security.netapp.com/advisory/ntap-20191210-0001/
• https://seclists.org/bugtraq/2019/Dec/39
• http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html
• https://www.debian.org/security/2019/dsa-4594
• https://seclists.org/bugtraq/2019/Dec/46
• https://www.tenable.com/security/tns-2019-09
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html
• https://security.gentoo.org/glsa/202004-10
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/
• https://www.tenable.com/security/tns-2020-03
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/
• https://usn.ubuntu.com/4376-1/
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://usn.ubuntu.com/4504-1/
• https://www.tenable.com/security/tns-2020-11
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.debian.org/security/2021/dsa-4855
• https://www.tenable.com/security/tns-2021-10
• https://www.oracle.com/security-alerts/cpuApr2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1547: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel…

Published: 2019-09-10T17:15:00 Last Modified: 2021-07-31T08:15:00

Summary

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-1547 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8
• https://www.openssl.org/news/secadv/20190910.txt
• https://arxiv.org/abs/1909.01785
• https://seclists.org/bugtraq/2019/Sep/25
• http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
• https://security.netapp.com/advisory/ntap-20190919-0002/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
• https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
• https://seclists.org/bugtraq/2019/Oct/1
• https://seclists.org/bugtraq/2019/Oct/0
• https://www.debian.org/security/2019/dsa-4539
• https://www.debian.org/security/2019/dsa-4540
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
• https://support.f5.com/csp/article/K73422160?utm_source=f5support&utm_medium=RSS
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://security.gentoo.org/glsa/201911-04
• https://www.tenable.com/security/tns-2019-08
• https://www.tenable.com/security/tns-2019-09
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://security.netapp.com/advisory/ntap-20200122-0002/
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://usn.ubuntu.com/4376-1/
• https://security.netapp.com/advisory/ntap-20200416-0003/
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://usn.ubuntu.com/4376-2/
• https://usn.ubuntu.com/4504-1/
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1549: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include…

Published: 2019-09-10T17:15:00 Last Modified: 2020-10-20T22:15:00

Summary

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).

Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values

CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1549 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
• https://www.openssl.org/news/secadv/20190910.txt
• https://security.netapp.com/advisory/ntap-20190919-0002/
• https://support.f5.com/csp/article/K44070243
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
• https://seclists.org/bugtraq/2019/Oct/1
• https://www.debian.org/security/2019/dsa-4539
• https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://usn.ubuntu.com/4376-1/
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1563: In situations where an attacker receives automated notification of the success or failure of a…

Published: 2019-09-10T17:15:00 Last Modified: 2021-07-31T08:15:00

Summary

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1563 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64
• https://www.openssl.org/news/secadv/20190910.txt
• https://seclists.org/bugtraq/2019/Sep/25
• http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
• https://security.netapp.com/advisory/ntap-20190919-0002/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
• https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
• https://seclists.org/bugtraq/2019/Oct/1
• https://seclists.org/bugtraq/2019/Oct/0
• https://www.debian.org/security/2019/dsa-4539
• https://www.debian.org/security/2019/dsa-4540
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
• https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://security.gentoo.org/glsa/201911-04
• https://www.tenable.com/security/tns-2019-09
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://usn.ubuntu.com/4376-1/
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://usn.ubuntu.com/4376-2/
• https://usn.ubuntu.com/4504-1/
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1552: OpenSSL has internal defaults for a directory tree where it can find a configuration file as well…

Published: 2019-07-30T17:15:00 Last Modified: 2021-07-31T08:15:00

Summary

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the –prefix / –openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be ‘/usr/local’. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of ‘C:/usr/local’, which may be world writable, which enables untrusted users to modify OpenSSL’s default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, ‘/usr/local/ssl’ is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own –prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2019-1552 vulnerability.

References

• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d333ebaf9c77332754a9d5e111e2f53e1de54fdd
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e32bc855a81a2d48d215c506bdeb4f598045f7e9
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b15a19c148384e73338aa7c5b12652138e35ed28
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=54aa9d51b09d67e90db443f682cface795f5af9e
• https://www.openssl.org/news/secadv/20190730.txt
• https://security.netapp.com/advisory/ntap-20190823-0006/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://support.f5.com/csp/article/K94041354
• https://support.f5.com/csp/article/K94041354?utm_source=f5support&utm_medium=RSS
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.tenable.com/security/tns-2019-08
• https://www.tenable.com/security/tns-2019-09
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.kb.cert.org/vuls/id/429301
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1543: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption…

Published: 2019-03-06T21:29:00 Last Modified: 2021-07-31T08:15:00

Summary

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).

Common Weakness Enumeration (CWE): CWE-330: Use of Insufficiently Random Values

CWE Description: The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Scores

• Impact Score: 4.9
• Exploitability Score: 8.6
• CVSS: 5.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1543 vulnerability.

References

• https://www.openssl.org/news/secadv/20190306.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f426625b6ae9a7831010750490a5f0ad689c5ba3
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809
• https://seclists.org/bugtraq/2019/Jul/3
• https://www.debian.org/security/2019/dsa-4475
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://access.redhat.com/errata/RHSA-2019:3700
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365

See also: All popular products CVE Vulnerabilities of openssl

CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to…

Published: 2019-02-27T23:29:00 Last Modified: 2021-01-20T15:15:00

Summary

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable “non-stitched” ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2019-1559 vulnerability.

References

• https://www.openssl.org/news/secadv/20190226.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
• https://usn.ubuntu.com/3899-1/
• http://www.securityfocus.com/bid/107174
• https://www.debian.org/security/2019/dsa-4400
• https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
• https://security.netapp.com/advisory/ntap-20190301-0002/
• https://security.netapp.com/advisory/ntap-20190301-0001/
• https://security.gentoo.org/glsa/201903-10
• https://support.f5.com/csp/article/K18549143
• https://www.tenable.com/security/tns-2019-02
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
• https://security.netapp.com/advisory/ntap-20190423-0002/
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.tenable.com/security/tns-2019-03
• https://kc.mcafee.com/corporate/index?page=content&id=SB10282
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:2304
• https://access.redhat.com/errata/RHSA-2019:2437
• https://access.redhat.com/errata/RHSA-2019:2439
• https://access.redhat.com/errata/RHSA-2019:2471
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://access.redhat.com/errata/RHSA-2019:3929
• https://access.redhat.com/errata/RHSA-2019:3931
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://usn.ubuntu.com/4376-2/
• https://www.oracle.com/security-alerts/cpujan2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software…

Published: 2018-11-15T21:29:00 Last Modified: 2020-09-18T16:58:00

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on ‘port contention’.

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2018-5407 vulnerability.

• Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel by Billy Brumley at 2018-11-02

References

• https://github.com/bbbrumley/portsmash
• https://eprint.iacr.org/2018/1060.pdf
• https://www.exploit-db.com/exploits/45785/
• http://www.securityfocus.com/bid/105897
• https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
• https://security.netapp.com/advisory/ntap-20181126-0001/
• https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
• https://www.debian.org/security/2018/dsa-4348
• https://usn.ubuntu.com/3840-1/
• https://www.debian.org/security/2018/dsa-4355
• https://www.tenable.com/security/tns-2018-17
• https://www.tenable.com/security/tns-2018-16
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://security.gentoo.org/glsa/201903-10
• https://access.redhat.com/errata/RHSA-2019:0483
• https://access.redhat.com/errata/RHSA-2019:0652
• https://access.redhat.com/errata/RHSA-2019:0651
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:2125
• https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
• https://access.redhat.com/errata/RHSA-2019:3929
• https://access.redhat.com/errata/RHSA-2019:3935
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3931
• https://access.redhat.com/errata/RHSA-2019:3932
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel…

Published: 2018-10-30T12:29:00 Last Modified: 2020-08-24T17:37:00

Summary

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0734 vulnerability.

References

• https://www.openssl.org/news/secadv/20181030.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
• http://www.securityfocus.com/bid/105758
• https://security.netapp.com/advisory/ntap-20181105-0002/
• https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
• https://www.debian.org/security/2018/dsa-4348
• https://usn.ubuntu.com/3840-1/
• https://www.debian.org/security/2018/dsa-4355
• https://www.tenable.com/security/tns-2018-17
• https://www.tenable.com/security/tns-2018-16
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://security.netapp.com/advisory/ntap-20190118-0002/
• https://security.netapp.com/advisory/ntap-20190423-0002/
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
• https://access.redhat.com/errata/RHSA-2019:2304
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://access.redhat.com/errata/RHSA-2019:3700
• https://access.redhat.com/errata/RHSA-2019:3935
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3932
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel…

Published: 2018-10-29T13:29:00 Last Modified: 2020-08-24T17:37:00

Summary

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0735 vulnerability.

References

• https://www.openssl.org/news/secadv/20181029.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1
• http://www.securitytracker.com/id/1041986
• http://www.securityfocus.com/bid/105750
• https://security.netapp.com/advisory/ntap-20181105-0002/
• https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
• https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
• https://www.debian.org/security/2018/dsa-4348
• https://usn.ubuntu.com/3840-1/
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:3700
• https://www.oracle.com/security-alerts/cpujan2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user…

Published: 2018-09-10T16:29:00 Last Modified: 2019-10-09T23:19:00

Summary

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Common Weakness Enumeration (CWE): CWE-320: Key Management Errors

CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-7056 vulnerability.

References

• https://seclists.org/oss-sec/2017/q1/52
• https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008
• https://eprint.iacr.org/2016/1195
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056
• https://www.debian.org/security/2017/dsa-3773
• https://access.redhat.com/errata/RHSA-2017:1802
• https://access.redhat.com/errata/RHSA-2017:1801
• https://access.redhat.com/errata/RHSA-2017:1414
• https://access.redhat.com/errata/RHSA-2017:1413
• http://www.securitytracker.com/id/1037575
• http://www.securityfocus.com/bid/95375
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• https://security-tracker.debian.org/tracker/CVE-2016-7056
• https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can…

Published: 2018-06-12T13:29:00 Last Modified: 2021-06-08T12:15:00

Summary

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Common Weakness Enumeration (CWE): CWE-320: Key Management Errors

CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0732 vulnerability.

References

• https://www.openssl.org/news/secadv/20180612.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
• http://www.securitytracker.com/id/1041090
• http://www.securityfocus.com/bid/104442
• https://usn.ubuntu.com/3692-2/
• https://usn.ubuntu.com/3692-1/
• https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
• https://access.redhat.com/errata/RHSA-2018:2553
• https://access.redhat.com/errata/RHSA-2018:2552
• https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
• https://www.tenable.com/security/tns-2018-12
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://www.tenable.com/security/tns-2018-14
• https://www.tenable.com/security/tns-2018-13
• https://access.redhat.com/errata/RHSA-2018:3221
• https://security.netapp.com/advisory/ntap-20181105-0001/
• https://access.redhat.com/errata/RHSA-2018:3505
• https://security.gentoo.org/glsa/201811-03
• https://www.debian.org/security/2018/dsa-4348
• https://www.debian.org/security/2018/dsa-4355
• https://www.tenable.com/security/tns-2018-17
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://security.netapp.com/advisory/ntap-20190118-0002/
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://access.redhat.com/errata/RHSA-2019:1297
• https://access.redhat.com/errata/RHSA-2019:1296
• https://access.redhat.com/errata/RHSA-2019:1543
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0737: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side…

Published: 2018-04-16T18:29:00 Last Modified: 2021-07-20T23:15:00

Summary

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0737 vulnerability.

References

• https://www.openssl.org/news/secadv/20180416.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
• http://www.securitytracker.com/id/1040685
• http://www.securityfocus.com/bid/103766
• https://usn.ubuntu.com/3628-2/
• https://usn.ubuntu.com/3628-1/
• https://usn.ubuntu.com/3692-2/
• https://usn.ubuntu.com/3692-1/
• https://security.netapp.com/advisory/ntap-20180726-0003/
• https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
• https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
• https://www.tenable.com/security/tns-2018-12
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://www.tenable.com/security/tns-2018-14
• https://www.tenable.com/security/tns-2018-13
• https://access.redhat.com/errata/RHSA-2018:3221
• https://access.redhat.com/errata/RHSA-2018:3505
• https://security.gentoo.org/glsa/201811-21
• https://www.debian.org/security/2018/dsa-4348
• https://www.debian.org/security/2018/dsa-4355
• https://www.tenable.com/security/tns-2018-17
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
• https://access.redhat.com/errata/RHSA-2019:3935
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3932
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com//security-alerts/cpujul2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0733: Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to…

Published: 2018-03-27T21:29:00 Last Modified: 2020-08-24T17:37:00

Summary

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0733 vulnerability.

References

• https://www.openssl.org/news/secadv/20180327.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f
• http://www.securitytracker.com/id/1040576
• http://www.securityfocus.com/bid/103517
• https://security.netapp.com/advisory/ntap-20180330-0002/
• https://www.tenable.com/security/tns-2018-04
• https://www.tenable.com/security/tns-2018-07
• https://www.tenable.com/security/tns-2018-06
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://security.gentoo.org/glsa/201811-21
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could…

Published: 2018-03-27T21:29:00 Last Modified: 2021-07-20T23:15:00

Summary

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion

CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-0739 vulnerability.

References

• https://www.openssl.org/news/secadv/20180327.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
• http://www.securitytracker.com/id/1040576
• http://www.securityfocus.com/bid/103518
• https://usn.ubuntu.com/3611-1/
• https://www.debian.org/security/2018/dsa-4158
• https://www.debian.org/security/2018/dsa-4157
• https://security.netapp.com/advisory/ntap-20180330-0002/
• https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
• https://usn.ubuntu.com/3611-2/
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://www.tenable.com/security/tns-2018-04
• https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
• https://www.tenable.com/security/tns-2018-07
• https://www.tenable.com/security/tns-2018-06
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• https://security.netapp.com/advisory/ntap-20180726-0002/
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• http://www.securityfocus.com/bid/105609
• https://access.redhat.com/errata/RHSA-2018:3221
• https://access.redhat.com/errata/RHSA-2018:3090
• https://access.redhat.com/errata/RHSA-2018:3505
• https://security.gentoo.org/glsa/201811-21
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://access.redhat.com/errata/RHSA-2019:0367
• https://access.redhat.com/errata/RHSA-2019:0366
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://access.redhat.com/errata/RHSA-2019:1711
• https://access.redhat.com/errata/RHSA-2019:1712
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://security.gentoo.org/glsa/202007-53
• https://www.oracle.com//security-alerts/cpujul2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” mechanism. The intent…

Published: 2017-12-07T16:29:00 Last Modified: 2019-10-03T00:03:00

Summary

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3737 vulnerability.

References

• https://www.openssl.org/news/secadv/20171207.txt
• http://www.securitytracker.com/id/1039978
• http://www.securityfocus.com/bid/102103
• https://security.netapp.com/advisory/ntap-20171208-0001/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
• https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/
• https://security.gentoo.org/glsa/201712-03
• https://www.debian.org/security/2017/dsa-4065
• https://www.tenable.com/security/tns-2017-16
• https://security.netapp.com/advisory/ntap-20180117-0002/
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
• https://access.redhat.com/errata/RHSA-2018:0998
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://security.netapp.com/advisory/ntap-20180419-0002/
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation…

Published: 2017-12-07T16:29:00 Last Modified: 2019-04-23T19:30:00

Summary

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3738 vulnerability.

References

• https://www.openssl.org/news/secadv/20171207.txt
• http://www.securitytracker.com/id/1039978
• https://security.netapp.com/advisory/ntap-20171208-0001/
• http://www.securityfocus.com/bid/102118
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
• https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
• https://security.gentoo.org/glsa/201712-03
• https://www.debian.org/security/2017/dsa-4065
• https://www.tenable.com/security/tns-2017-16
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a
• https://www.openssl.org/news/secadv/20180327.txt
• https://www.debian.org/security/2018/dsa-4157
• https://access.redhat.com/errata/RHSA-2018:0998
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://www.tenable.com/security/tns-2018-04
• https://www.tenable.com/security/tns-2018-07
• https://www.tenable.com/security/tns-2018-06
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-8610: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in…

Published: 2017-11-13T22:29:00 Last Modified: 2020-10-20T22:15:00

Summary

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8610 vulnerability.

References

• https://security.360.cn/cve/CVE-2016-8610/
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
• http://seclists.org/oss-sec/2016/q4/224
• https://www.debian.org/security/2017/dsa-3773
• http://www.securitytracker.com/id/1037084
• http://www.securityfocus.com/bid/93841
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
• https://security.netapp.com/advisory/ntap-20171130-0001/
• https://access.redhat.com/errata/RHSA-2017:2494
• https://access.redhat.com/errata/RHSA-2017:2493
• https://access.redhat.com/errata/RHSA-2017:1802
• https://access.redhat.com/errata/RHSA-2017:1801
• https://access.redhat.com/errata/RHSA-2017:1658
• https://access.redhat.com/errata/RHSA-2017:1414
• https://access.redhat.com/errata/RHSA-2017:1413
• http://rhn.redhat.com/errata/RHSA-2017-1659.html
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• http://rhn.redhat.com/errata/RHSA-2017-0574.html
• http://rhn.redhat.com/errata/RHSA-2017-0286.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://security.paloaltonetworks.com/CVE-2016-8610
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3736: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before…

Published: 2017-11-02T17:29:00 Last Modified: 2019-04-23T19:30:00

Summary

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.0
• CVSS: 4.0
• CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: SINGLE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3736 vulnerability.

References

• https://www.openssl.org/news/secadv/20171102.txt
• http://www.securitytracker.com/id/1039727
• https://www.debian.org/security/2017/dsa-4018
• https://www.debian.org/security/2017/dsa-4017
• http://www.securityfocus.com/bid/101666
• https://security.netapp.com/advisory/ntap-20171107-0002/
• https://www.tenable.com/security/tns-2017-14
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
• https://www.tenable.com/security/tns-2017-15
• https://security.gentoo.org/glsa/201712-03
• https://security.netapp.com/advisory/ntap-20180117-0002/
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871
• https://access.redhat.com/errata/RHSA-2018:0998
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• https://access.redhat.com/errata/RHSA-2018:2568
• https://access.redhat.com/errata/RHSA-2018:2575
• https://access.redhat.com/errata/RHSA-2018:2713
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-…

Published: 2017-08-28T19:29:00 Last Modified: 2021-07-20T23:15:00

Summary

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: NONE
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3735 vulnerability.

References

• https://www.openssl.org/news/secadv/20170828.txt
• http://www.securityfocus.com/bid/100515
• https://www.openssl.org/news/secadv/20171102.txt
• https://www.debian.org/security/2017/dsa-4018
• https://www.debian.org/security/2017/dsa-4017
• https://security.netapp.com/advisory/ntap-20171107-0002/
• https://security.netapp.com/advisory/ntap-20170927-0001/
• http://www.securitytracker.com/id/1039726
• https://www.tenable.com/security/tns-2017-14
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
• https://www.tenable.com/security/tns-2017-15
• https://security.gentoo.org/glsa/201712-03
• https://support.apple.com/HT208331
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
• https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
• https://usn.ubuntu.com/3611-2/
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://access.redhat.com/errata/RHSA-2018:3221
• https://access.redhat.com/errata/RHSA-2018:3505
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com//security-alerts/cpujul2021.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-7055: There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in…

Published: 2017-05-04T20:29:00 Last Modified: 2019-07-02T15:12:00

Summary

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker’s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.

Common Weakness Enumeration (CWE): CWE-320: Key Management Errors

CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.

Scores

• Impact Score: 2.9
• Exploitability Score: 4.9
• CVSS: 2.6
• CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-7055 vulnerability.

References

• https://www.openssl.org/news/secadv/20161110.txt
• http://www.securityfocus.com/bid/94242
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us
• https://security.gentoo.org/glsa/201702-07
• http://www.securitytracker.com/id/1037261
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2017-04
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-7053: In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL…

Published: 2017-05-04T19:29:00 Last Modified: 2017-07-28T01:29:00

Summary

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-7053 vulnerability.

References

• https://www.openssl.org/news/secadv/20161110.txt
• http://www.securityfocus.com/bid/94244
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
• http://www.securitytracker.com/id/1037261

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-7054: In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are…

Published: 2017-05-04T19:29:00 Last Modified: 2017-09-03T01:29:00

Summary

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-7054 vulnerability.

• OpenSSL 1.1.0a/1.1.0b - Denial of Service by Silverfox at 2016-12-11

References

• https://www.openssl.org/news/secadv/20161110.txt
• http://www.securityfocus.com/bid/94238
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
• http://www.securitytracker.com/id/1037261
• https://www.exploit-db.com/exploits/40899/

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3732: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2…

Published: 2017-05-04T19:29:00 Last Modified: 2019-04-23T19:29:00

Summary

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3732 vulnerability.

References

• https://www.openssl.org/news/secadv/20170126.txt
• http://www.securityfocus.com/bid/95814
• https://security.gentoo.org/glsa/201702-07
• http://www.securitytracker.com/id/1037717
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2017-04
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us
• https://access.redhat.com/errata/RHSA-2018:2568
• https://access.redhat.com/errata/RHSA-2018:2575
• https://access.redhat.com/errata/RHSA-2018:2713
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3731: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used,…

Published: 2017-05-04T19:29:00 Last Modified: 2019-04-23T19:29:00

Summary

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3731 vulnerability.

References

• https://www.openssl.org/news/secadv/20170126.txt
• http://www.securityfocus.com/bid/95813
• https://security.gentoo.org/glsa/201702-07
• http://www.securitytracker.com/id/1037717
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2017-04
• http://www.debian.org/security/2017/dsa-3773
• https://security.netapp.com/advisory/ntap-20171019-0002/
• https://source.android.com/security/bulletin/pixel/2017-11-01
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2017-0286.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://security.paloaltonetworks.com/CVE-2017-3731

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3730: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE…

Published: 2017-05-04T19:29:00 Last Modified: 2019-04-25T13:59:00

Summary

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2017-3730 vulnerability.

• OpenSSL 1.1.0 - Remote Client Denial of Service by Guido Vranken at 2017-01-26

References

• https://www.openssl.org/news/secadv/20170126.txt
• http://www.securityfocus.com/bid/95812
• https://security.gentoo.org/glsa/201702-07
• http://www.securitytracker.com/id/1037717
• https://www.exploit-db.com/exploits/41192/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2017-3733: During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not…

Published: 2017-05-04T19:29:00 Last Modified: 2019-04-23T19:30:00

Summary

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-3733 vulnerability.

References

• https://www.openssl.org/news/secadv/20170216.txt
• http://www.securityfocus.com/bid/96269
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
• http://www.securitytracker.com/id/1037846
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before…

Published: 2016-09-26T19:59:00 Last Modified: 2021-11-17T22:15:00

Summary

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 6.9
• Exploitability Score: 10.0
• CVSS: 7.8
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6304 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137
• https://www.openssl.org/news/secadv/20160922.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/93150
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kc.mcafee.com/corporate/index?page=content&id=SB10171
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://rhn.redhat.com/errata/RHSA-2016-2802.html
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1037640
• http://www.securitytracker.com/id/1036878
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• https://access.redhat.com/errata/RHSA-2017:2494
• https://access.redhat.com/errata/RHSA-2017:2493
• https://access.redhat.com/errata/RHSA-2017:1802
• https://access.redhat.com/errata/RHSA-2017:1801
• https://access.redhat.com/errata/RHSA-2017:1658
• https://access.redhat.com/errata/RHSA-2017:1414
• https://access.redhat.com/errata/RHSA-2017:1413
• http://rhn.redhat.com/errata/RHSA-2017-1659.html
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html
• http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://seclists.org/fulldisclosure/2016/Oct/62
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://seclists.org/fulldisclosure/2016/Dec/47
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6305: The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows…

Published: 2016-09-26T19:59:00 Last Modified: 2018-04-20T01:29:00

Summary

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6305 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9
• https://www.openssl.org/news/secadv/20160922.txt
• https://github.com/openssl/openssl/issues/1563
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/93149
• https://security.gentoo.org/glsa/201612-16
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036879
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote…

Published: 2016-09-26T19:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6306 vulnerability.

References

• https://www.openssl.org/news/secadv/20160922.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/93153
• https://security.gentoo.org/glsa/201612-16
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• https://support.f5.com/csp/article/K90492697
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6307: The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking…

Published: 2016-09-26T19:59:00 Last Modified: 2018-04-20T01:29:00

Summary

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6307 vulnerability.

References

• https://www.openssl.org/news/secadv/20160922.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/93152
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6308: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory…

Published: 2016-09-26T19:59:00 Last Modified: 2018-04-20T01:29:00

Summary

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 6.9
• Exploitability Score: 8.6
• CVSS: 7.1
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6308 vulnerability.

References

• https://www.openssl.org/news/secadv/20160922.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/93151
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6309: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call,…

Published: 2016-09-26T19:59:00 Last Modified: 2018-07-12T01:29:00

Summary

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

Common Weakness Enumeration (CWE): CWE-416: Use After Free

CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6309 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb
• https://www.openssl.org/news/secadv/20160926.txt
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/93177
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://www.tenable.com/security/tns-2016-20
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-7052: crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service…

Published: 2016-09-26T19:59:00 Last Modified: 2018-07-12T01:29:00

Summary

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-7052 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e
• https://www.openssl.org/news/secadv/20160926.txt
• http://www.securityfocus.com/bid/93171
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://security.gentoo.org/glsa/201612-16
• https://kc.mcafee.com/corporate/index?page=content&id=SB10171
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-20
• https://www.tenable.com/security/tns-2016-19
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2181: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use…

Published: 2016-09-16T05:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2181 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/92982
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1036690
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• https://support.f5.com/csp/article/K59298921
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2179: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue…

Published: 2016-09-16T05:59:00 Last Modified: 2019-12-27T16:08:00

Summary

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2179 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/92987
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://www.openssl.org/news/vulnerabilities.html#y2017
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1036689
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2182: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate…

Published: 2016-09-16T05:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2182 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/92557
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://kc.mcafee.com/corporate/index?page=content&id=SB10171
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://source.android.com/security/bulletin/2017-03-01.html
• http://www.securitytracker.com/id/1037968
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1036688
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185
• https://support.f5.com/csp/article/K01276005
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• https://source.android.com/security/bulletin/2017-03-01
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6302: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the…

Published: 2016-09-16T05:59:00 Last Modified: 2019-12-27T16:08:00

Summary

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation

CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6302 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/92628
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://www.openssl.org/news/vulnerabilities.html#y2017
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://access.redhat.com/errata/RHSA-2018:2187
• https://access.redhat.com/errata/RHSA-2018:2186
• https://access.redhat.com/errata/RHSA-2018:2185

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-6303: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0…

Published: 2016-09-16T05:59:00 Last Modified: 2018-04-20T01:29:00

Summary

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write

CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-6303 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1370146
• https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/92984
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://www.openssl.org/news/secadv/20160922.txt
• http://www.securitytracker.com/id/1036885
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols…

Published: 2016-09-01T00:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2183 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1369383
• https://www.openssl.org/blog/blog/2016/08/24/sweet32/
• https://access.redhat.com/articles/2548661
• https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
• https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
• https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
• https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
• https://www.sigsac.org/ccs/CCS2016/accepted-papers/
• https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
• https://access.redhat.com/security/cve/cve-2016-2183
• https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
• https://sweet32.info/
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
• http://www.securityfocus.com/bid/92630
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kc.mcafee.com/corporate/index?page=content&id=SB10171
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa133
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
• http://www.securityfocus.com/bid/95568
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www-01.ibm.com/support/docview.wss?uid=swg21991482
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
• https://security.gentoo.org/glsa/201701-65
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
• https://security.gentoo.org/glsa/201707-01
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
• http://www.securitytracker.com/id/1036696
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2017-09
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.netapp.com/advisory/ntap-20170119-0001/
• https://security.netapp.com/advisory/ntap-20160915-0001/
• https://access.redhat.com/errata/RHSA-2017:3240
• https://access.redhat.com/errata/RHSA-2017:3239
• https://access.redhat.com/errata/RHSA-2017:3114
• https://access.redhat.com/errata/RHSA-2017:3113
• https://access.redhat.com/errata/RHSA-2017:2710
• https://access.redhat.com/errata/RHSA-2017:2709
• https://access.redhat.com/errata/RHSA-2017:2708
• https://access.redhat.com/errata/RHSA-2017:1216
• http://rhn.redhat.com/errata/RHSA-2017-0462.html
• http://rhn.redhat.com/errata/RHSA-2017-0338.html
• http://rhn.redhat.com/errata/RHSA-2017-0337.html
• http://rhn.redhat.com/errata/RHSA-2017-0336.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://access.redhat.com/errata/RHSA-2018:2123
• https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
• https://access.redhat.com/errata/RHSA-2019:1245
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:2859
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://access.redhat.com/errata/RHSA-2020:0451
• https://kc.mcafee.com/corporate/index?page=content&id=SB10310
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• http://www.ubuntu.com/usn/USN-3270-1
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html
• http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html
• https://seclists.org/bugtraq/2018/Nov/21
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://www.ubuntu.com/usn/USN-3372-1
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://seclists.org/fulldisclosure/2017/May/105
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
• https://wiki.opendaylight.org/view/Security_Advisories
• http://www.ubuntu.com/usn/USN-3087-2
• http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://www.ubuntu.com/usn/USN-3194-1
• http://www.ubuntu.com/usn/USN-3179-1
• http://www.ubuntu.com/usn/USN-3198-1
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://www.securityfocus.com/archive/1/539885/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• http://www.securityfocus.com/archive/1/542005/100/0/threaded
• https://support.f5.com/csp/article/K13167034
• https://www.exploit-db.com/exploits/42091/
• http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• http://www.securityfocus.com/archive/1/541104/100/0/threaded
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
• https://kc.mcafee.com/corporate/index?page=content&id=SB10186
• http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• https://kc.mcafee.com/corporate/index?page=content&id=SB10197
• http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://www.securityfocus.com/archive/1/540341/100/0/threaded

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2180: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-…

Published: 2016-08-01T02:59:00 Last Modified: 2019-12-27T16:08:00

Summary

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the “openssl ts” command.

Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read

CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2180 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1359615
• https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/92117
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://www.openssl.org/news/vulnerabilities.html#y2017
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1036486
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2177: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which…

Published: 2016-06-20T01:59:00 Last Modified: 2021-11-17T22:15:00

Summary

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound

CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2177 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
• https://bugzilla.redhat.com/show_bug.cgi?id=1341705
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/91319
• http://www.securitytracker.com/id/1036088
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kc.mcafee.com/corporate/index?page=content&id=SB10165
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• https://access.redhat.com/errata/RHSA-2017:1658
• https://access.redhat.com/errata/RHSA-2017:0194
• https://access.redhat.com/errata/RHSA-2017:0193
• http://rhn.redhat.com/errata/RHSA-2017-1659.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
• https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
• https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
• https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• https://support.f5.com/csp/article/K23873366
• http://www.debian.org/security/2016/dsa-3673
• http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://www.openwall.com/lists/oss-security/2016/06/08/9
• http://www.ubuntu.com/usn/USN-3181-1
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• http://www.securityfocus.com/archive/1/540957/100/0/threaded

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2178: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly…

Published: 2016-06-20T01:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-2178 vulnerability.

References

• http://eprint.iacr.org/2016/594.pdf
• http://www.openwall.com/lists/oss-security/2016/06/09/8
• http://www.openwall.com/lists/oss-security/2016/06/08/2
• https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
• https://bugzilla.redhat.com/show_bug.cgi?id=1343400
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• http://www.securityfocus.com/bid/91081
• http://www.securitytracker.com/id/1036054
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa132
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
• https://access.redhat.com/errata/RHSA-2017:1658
• https://access.redhat.com/errata/RHSA-2017:0194
• https://access.redhat.com/errata/RHSA-2017:0193
• http://rhn.redhat.com/errata/RHSA-2017-1659.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-1940.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• https://support.f5.com/csp/article/K53084033
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
• http://www.openwall.com/lists/oss-security/2016/06/08/12
• http://www.openwall.com/lists/oss-security/2016/06/08/11
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://www.openwall.com/lists/oss-security/2016/06/08/10
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• http://www.openwall.com/lists/oss-security/2016/06/08/6
• http://www.openwall.com/lists/oss-security/2016/06/08/5
• http://www.openwall.com/lists/oss-security/2016/06/08/4
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://www.openwall.com/lists/oss-security/2016/06/08/8
• http://www.openwall.com/lists/oss-security/2016/06/08/7
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• http://www.ubuntu.com/usn/USN-3087-2
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• http://www.openwall.com/lists/oss-security/2016/06/09/2

See also: All popular products CVE Vulnerabilities of openssl

CVE-2000-1254: crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed…

Published: 2016-05-05T01:59:00 Last Modified: 2017-02-02T02:59:00

Summary

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2000-1254 vulnerability.

References

• http://marc.info/?l=openssl-users&m=95961024500509
• http://www.openwall.com/lists/oss-security/2016/05/04/17
• https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb
• http://www.securitytracker.com/id/1035750
• http://www.securityfocus.com/bid/90109
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2176: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2…

Published: 2016-05-05T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 4.9
• Exploitability Score: 10.0
• CVSS: 6.4
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2176 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561
• https://www.openssl.org/news/secadv/20160503.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/89746
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://www.securitytracker.com/id/1035721
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• https://security.netapp.com/advisory/ntap-20160504-0001/
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2106: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before…

Published: 2016-05-05T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2106 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://rhn.redhat.com/errata/RHSA-2016-1650.html
• http://rhn.redhat.com/errata/RHSA-2016-1648.html
• http://rhn.redhat.com/errata/RHSA-2016-1649.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89744
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://source.android.com/security/bulletin/pixel/2017-11-01
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2108: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers…

Published: 2016-05-05T01:59:00 Last Modified: 2018-01-05T02:30:00

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the “negative zero” issue.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2108 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
• http://source.android.com/security/bulletin/2016-07-01.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/89752
• https://access.redhat.com/errata/RHSA-2016:1137
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• http://support.citrix.com/article/CTX212736
• https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://access.redhat.com/errata/RHSA-2017:0194
• https://access.redhat.com/errata/RHSA-2017:0193
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t…

Published: 2016-05-05T01:59:00 Last Modified: 2019-02-21T15:09:00

Summary

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2105 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://rhn.redhat.com/errata/RHSA-2016-1650.html
• http://rhn.redhat.com/errata/RHSA-2016-1648.html
• http://rhn.redhat.com/errata/RHSA-2016-1649.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89757
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://source.android.com/security/bulletin/pixel/2017-11-01
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2107: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider…

Published: 2016-05-05T01:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 4.9
• CVSS: 2.6
• CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-2107 vulnerability.

• OpenSSL - Padding Oracle in AES-NI CBC MAC Check by Juraj Somorovsky at 2016-05-04

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292
• https://www.openssl.org/news/secadv/20160503.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• http://source.android.com/security/bulletin/2016-07-01.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89760
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• https://www.exploit-db.com/exploits/39768/
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• http://support.citrix.com/article/CTX212736
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2109: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in…

Published: 2016-05-05T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 6.9
• Exploitability Score: 10.0
• CVSS: 7.8
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2109 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/87940
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://source.android.com/security/bulletin/2017-07-01
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0799: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before…

Published: 2016-03-03T20:59:00 Last Modified: 2018-01-05T02:30:00

Summary

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0799 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
• http://marc.info/?l=bugtraq&m=146108058503441&w=2
• http://marc.info/?l=bugtraq&m=145983526810210&w=2
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/83755
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://www.debian.org/security/2016/dsa-3500
• https://security.gentoo.org/glsa/201603-15
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
• http://www.ubuntu.com/usn/USN-2914-1
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0797: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote…

Published: 2016-03-03T20:59:00 Last Modified: 2018-01-05T02:30:00

Summary

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0797 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=c175308407858afff3fc8c2e5e085d94d12edc7d
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10156
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
• http://marc.info/?l=bugtraq&m=145889460330120&w=2
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/83763
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://www.debian.org/security/2016/dsa-3500
• https://security.gentoo.org/glsa/201603-15
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• http://www.ubuntu.com/usn/USN-2914-1
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s…

Published: 2016-03-03T20:59:00 Last Modified: 2018-01-05T02:30:00

Summary

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a “CacheBleed” attack.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-0702 vulnerability.

References

• http://cachebleed.info
• http://openssl.org/news/secadv/20160301.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
• http://marc.info/?l=bugtraq&m=145889460330120&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://www.debian.org/security/2016/dsa-3500
• https://security.gentoo.org/glsa/201603-15
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• http://www.ubuntu.com/usn/USN-2914-1
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL…

Published: 2016-03-03T20:59:00 Last Modified: 2019-02-20T16:59:00

Summary

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0705 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=6c88c71b4e4825c7bc0489306d062d017634eb88
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://source.android.com/security/bulletin/2016-05-01.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
• http://marc.info/?l=bugtraq&m=146108058503441&w=2
• http://marc.info/?l=bugtraq&m=145983526810210&w=2
• http://marc.info/?l=bugtraq&m=145889460330120&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.securityfocus.com/bid/83754
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://www.debian.org/security/2016/dsa-3500
• https://security.gentoo.org/glsa/201603-15
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://www.ubuntu.com/usn/USN-2914-1
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• https://access.redhat.com/errata/RHSA-2018:2568
• https://access.redhat.com/errata/RHSA-2018:2575
• https://access.redhat.com/errata/RHSA-2018:2713

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0798: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2…

Published: 2016-03-03T20:59:00 Last Modified: 2017-11-21T02:29:00

Summary

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 6.9
• Exploitability Score: 10.0
• CVSS: 7.8
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0798 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/83705
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://www.ubuntu.com/usn/USN-2914-1
• http://www.debian.org/security/2016/dsa-3500
• https://security.gentoo.org/glsa/201603-15
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-2842: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before…

Published: 2016-03-03T20:59:00 Last Modified: 2018-01-05T02:30:00

Summary

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2842 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
• http://openssl.org/news/secadv/20160301.txt
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
• http://marc.info/?l=bugtraq&m=146108058503441&w=2
• http://marc.info/?l=bugtraq&m=145983526810210&w=2
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10152
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
• http://www.securityfocus.com/bid/84169
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• https://security.netapp.com/advisory/ntap-20160321-0001/
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0704: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2…

Published: 2016-03-02T11:59:00 Last Modified: 2018-01-18T18:18:00

Summary

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0704 vulnerability.

References

• https://drownattack.com
• https://git.openssl.org/?p=openssl.git;a=commit;h=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/83764
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• https://security.gentoo.org/glsa/201603-15
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0703: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before…

Published: 2016-03-02T11:59:00 Last Modified: 2022-01-25T17:15:00

Summary

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0703 vulnerability.

References

• https://drownattack.com
• https://git.openssl.org/?p=openssl.git;a=commit;h=ae50d8270026edf5b3c7f8aaa0c6677462b33d97
• http://openssl.org/news/secadv/20160301.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/83743
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• https://security.gentoo.org/glsa/201603-15
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• http://www.securitytracker.com/id/1035133
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0800: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products,…

Published: 2016-03-01T20:59:00 Last Modified: 2022-01-25T17:15:00

Summary

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a “DROWN” attack.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0800 vulnerability.

References

• https://drownattack.com
• https://access.redhat.com/security/vulnerabilities/drown
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://rhn.redhat.com/errata/RHSA-2016-1519.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953
• http://marc.info/?l=bugtraq&m=146133665209436&w=2
• http://marc.info/?l=bugtraq&m=146108058503441&w=2
• http://marc.info/?l=bugtraq&m=145983526810210&w=2
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589
• http://www.securityfocus.com/bid/83733
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en
• https://www.openssl.org/news/secadv/20160301.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• https://www.kb.cert.org/vuls/id/583776
• https://security.gentoo.org/glsa/201603-15
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
• http://support.citrix.com/article/CTX208403
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10154
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
• http://www.securitytracker.com/id/1035133
• https://security.netapp.com/advisory/ntap-20160301-0001/
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
• https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf
• https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18

See also: All popular products CVE Vulnerabilities of openssl

CVE-2016-0701: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not…

Published: 2016-02-15T02:59:00 Last Modified: 2020-10-20T22:15:00

Summary

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 4.9
• CVSS: 2.6
• CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-0701 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648
• http://www.openssl.org/news/secadv/20160128.txt
• http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
• https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• http://www.securityfocus.com/bid/82233
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://www.ubuntu.com/usn/USN-2883-1
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
• http://www.securitytracker.com/id/1034849
• https://security.gentoo.org/glsa/201601-05
• https://www.kb.cert.org/vuls/id/257823
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3197: ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of…

Published: 2016-02-15T02:59:00 Last Modified: 2017-11-21T02:29:00

Summary

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3197 vulnerability.

References

• http://www.openssl.org/news/secadv/20160128.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/82237
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
• https://security.gentoo.org/glsa/201601-05
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
• http://www.securitytracker.com/id/1034849
• https://www.kb.cert.org/vuls/id/257823
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1794: The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote…

Published: 2015-12-06T20:59:00 Last Modified: 2017-09-14T01:29:00

Summary

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1794 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=ada57746b6b80beae73111fe1291bf8dd89af91c
• http://openssl.org/news/secadv/20151203.txt
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://www.ubuntu.com/usn/USN-2830-1
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.securitytracker.com/id/1034294

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3196: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when…

Published: 2015-12-06T20:59:00 Last Modified: 2019-06-13T18:15:00

Summary

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3196 vulnerability.

References

• http://openssl.org/news/secadv/20151203.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://marc.info/?l=bugtraq&m=145382583417444&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/78622
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://rhn.redhat.com/errata/RHSA-2015-2617.html
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
• http://www.debian.org/security/2015/dsa-3413
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3194: crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote…

Published: 2015-12-06T20:59:00 Last Modified: 2019-02-07T16:19:00

Summary

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3194 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17
• https://bugzilla.redhat.com/show_bug.cgi?id=1288320
• http://openssl.org/news/secadv/20151203.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://marc.info/?l=bugtraq&m=145382583417444&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/78623
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
• http://www.debian.org/security/2015/dsa-3413
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://rhn.redhat.com/errata/RHSA-2015-2617.html
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3195: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0…

Published: 2015-12-06T20:59:00 Last Modified: 2021-01-19T17:27:00

Summary

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3195 vulnerability.

References

• http://openssl.org/news/secadv/20151203.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• https://support.apple.com/HT206167
• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://marc.info/?l=bugtraq&m=145382583417444&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/78626
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
• http://www.debian.org/security/2015/dsa-3413
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://rhn.redhat.com/errata/RHSA-2015-2617.html
• http://rhn.redhat.com/errata/RHSA-2015-2616.html
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3193: The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before…

Published: 2015-12-06T20:59:00 Last Modified: 2017-11-30T02:29:00

Summary

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3193 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
• http://openssl.org/news/secadv/20151203.txt
• https://blog.fuzzing-project.org/31-Fuzzing-Math-miscalculations-in-OpenSSLs-BN_mod_exp-CVE-2015-3193.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1288317
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://kb.isc.org/article/AA-01438
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.securityfocus.com/bid/78705

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1793: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and…

Published: 2015-07-09T19:17:00 Last Modified: 2018-11-30T21:30:00

Summary

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Common Weakness Enumeration (CWE): CWE-254: 7PK - Security Features

CWE Description: Software security is not security software. Here we’re concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Scores

• Impact Score: 4.9
• Exploitability Score: 10.0
• CVSS: 6.4
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2015-1793 vulnerability.

• OpenSSL - Alternative Chains Certificate Forgery by Ramon de C Valle at 2015-11-05

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
• http://openssl.org/news/secadv_20150709.txt
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
• http://marc.info/?l=bugtraq&m=144370846326989&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/75652
• http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
• http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm
• http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
• https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825
• https://kc.mcafee.com/corporate/index?page=content&id=SB10125
• https://security.gentoo.org/glsa/201507-15
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
• http://www.securitytracker.com/id/1032817
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
• https://www.exploit-db.com/exploits/38640/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-3216: Race condition in a certain Red Hat patch to the PRNG lock implementation in the…

Published: 2015-07-07T10:59:00 Last Modified: 2018-01-05T02:30:00

Summary

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3216 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1225994
• http://www.securityfocus.com/bid/75219
• http://www.securitytracker.com/id/1032587
• http://rhn.redhat.com/errata/RHSA-2015-1115.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before…

Published: 2015-06-12T19:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1790 vulnerability.

References

• https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686
• https://www.openssl.org/news/secadv_20150611.txt
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• https://support.apple.com/kb/HT205031
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
• http://marc.info/?l=bugtraq&m=143654156615516&w=2
• http://marc.info/?l=bugtraq&m=144050155601375&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/75157
• https://openssl.org/news/secadv/20150611.txt
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• https://bto.bluecoat.com/security-advisory/sa98
• http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
• https://security.gentoo.org/glsa/201506-02
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• https://kc.mcafee.com/corporate/index?page=content&id=SB10122
• http://rhn.redhat.com/errata/RHSA-2015-1115.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
• http://www.ubuntu.com/usn/USN-2639-1
• http://www.securitytracker.com/id/1032564
• http://www.debian.org/security/2015/dsa-3287
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
• http://rhn.redhat.com/errata/RHSA-2015-1197.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before…

Published: 2015-06-12T19:59:00 Last Modified: 2017-11-15T02:29:00

Summary

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1788 vulnerability.

References

• https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
• https://www.openssl.org/news/secadv_20150611.txt
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• https://support.apple.com/kb/HT205031
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
• http://marc.info/?l=bugtraq&m=144050155601375&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/75158
• http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• https://openssl.org/news/secadv/20150611.txt
• http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www-304.ibm.com/support/docview.wss?uid=swg21960041
• https://bto.bluecoat.com/security-advisory/sa98
• http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
• https://security.gentoo.org/glsa/201506-02
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• https://kc.mcafee.com/corporate/index?page=content&id=SB10122
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://www.ubuntu.com/usn/USN-2639-1
• http://www.securitytracker.com/id/1032564
• http://www.debian.org/security/2015/dsa-3287
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://support.citrix.com/article/CTX216642

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before…

Published: 2015-06-12T19:59:00 Last Modified: 2021-11-17T22:15:00

Summary

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

• Impact Score: 6.4
• Exploitability Score: 8.6
• CVSS: 6.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1791 vulnerability.

References

• https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc
• https://www.openssl.org/news/secadv_20150611.txt
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• https://support.apple.com/kb/HT205031
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
• http://marc.info/?l=bugtraq&m=144050155601375&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/75161
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• https://openssl.org/news/secadv/20150611.txt
• http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www-304.ibm.com/support/docview.wss?uid=swg21960041
• https://bto.bluecoat.com/security-advisory/sa98
• http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
• https://security.gentoo.org/glsa/201506-02
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• https://kc.mcafee.com/corporate/index?page=content&id=SB10122
• http://rhn.redhat.com/errata/RHSA-2015-1115.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
• http://www.ubuntu.com/usn/USN-2639-1
• http://www.securitytracker.com/id/1032479
• http://www.debian.org/security/2015/dsa-3287
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://support.citrix.com/article/CTX216642
• https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

See also: All popular products CVE Vulnerabilities of openssl

CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before…

Published: 2015-06-12T19:59:00 Last Modified: 2017-11-15T02:29:00

Summary

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1792 vulnerability.

References

• https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c
• https://www.openssl.org/news/secadv_20150611.txt
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• https://support.apple.com/kb/HT205031
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
• http://marc.info/?l=bugtraq&m=143654156615516&w=2
• http://marc.info/?l=bugtraq&m=144050155601375&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/75154
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• https://openssl.org/news/secadv/20150611.txt
• http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• https://bto.bluecoat.com/security-advisory/sa98
• http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
• https://security.gentoo.org/glsa/201506-02
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• https://kc.mcafee.com/corporate/index?page=content&id=SB10122
• http://rhn.redhat.com/errata/RHSA-2015-1115.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
• http://www.ubuntu.com/usn/USN-2639-1
• http://www.securitytracker.com/id/1032564
• http://www.debian.org/security/2015/dsa-3287
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://support.citrix.com/article/CTX216642