Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openssl
(Openssl)| Repositories |
• https://github.com/openssl/openssl
• git://git.openssl.org/openssl.git |
| #Vulnerabilities | 246 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-09-16 | CVE-2016-2181 | The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | Openssl, Linux | 7.5 | ||
| 2016-09-16 | CVE-2016-2182 | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | Icewall_federation_agent, Icewall_mcrp, Icewall_sso, Icewall_sso_agent_option, Openssl, Linux | 9.8 | ||
| 2016-09-16 | CVE-2016-6302 | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. | Openssl, Linux, Solaris | 7.5 | ||
| 2016-09-26 | CVE-2016-6304 | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | Node\.js, Suse_linux_enterprise_module_for_web_scripting, Openssl | 7.5 | ||
| 2016-09-26 | CVE-2016-6305 | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | Openssl | 7.5 | ||
| 2016-09-26 | CVE-2016-6306 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_mcrp, Icewall_sso, Icewall_sso_agent_option, Node\.js, Suse_linux_enterprise_module_for_web_scripting, Openssl | 5.9 | ||
| 2016-09-26 | CVE-2016-6307 | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | Openssl | 5.9 | ||
| 2016-09-26 | CVE-2016-6308 | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | Openssl | 5.9 | ||
| 2016-09-26 | CVE-2016-6309 | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | Openssl | 9.8 | ||
| 2016-09-26 | CVE-2016-7052 | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | Node\.js, Suse_linux_enterprise_module_for_web_scripting, Openssl | 7.5 |