Vulnerabilities > Openssl > Openssl > 0.9.8u
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-14 | CVE-2010-5298 | Race Condition vulnerability in multiple products Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | 4.0 |
2012-05-14 | CVE-2012-2333 | Numeric Errors vulnerability in multiple products Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. | 6.8 |
2012-04-19 | CVE-2012-2110 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | 7.5 |
2012-01-06 | CVE-2012-0027 | Resource Management Errors vulnerability in Openssl The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. | 5.0 |
2012-01-06 | CVE-2011-4619 | Resource Management Errors vulnerability in Openssl The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | 5.0 |
2012-01-06 | CVE-2011-4577 | Resource Management Errors vulnerability in Openssl OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. | 4.3 |
2012-01-06 | CVE-2011-4576 | Cryptographic Issues vulnerability in Openssl The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | 5.0 |
2012-01-06 | CVE-2011-4108 | Cryptographic Issues vulnerability in Openssl The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | 4.3 |
2011-05-31 | CVE-2011-1945 | Cryptographic Issues vulnerability in Openssl The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. | 2.6 |