Vulnerabilities > Openssl > Openssl > 1.0.2g
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-07 | CVE-2017-3737 | Out-of-bounds Read vulnerability in multiple products OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. | 4.3 |
2017-11-13 | CVE-2016-8610 | Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |
2017-11-02 | CVE-2017-3736 | Information Exposure vulnerability in Openssl There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. | 4.0 |
2017-05-04 | CVE-2016-7055 | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. | 2.6 |
2016-09-16 | CVE-2016-6303 | Out-of-bounds Write vulnerability in multiple products Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |
2016-09-16 | CVE-2016-6302 | Improper Input Validation vulnerability in multiple products The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. | 7.5 |
2016-09-16 | CVE-2016-2182 | Out-of-bounds Write vulnerability in multiple products The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |
2016-09-16 | CVE-2016-2181 | Numeric Errors vulnerability in multiple products The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | 7.5 |
2016-09-16 | CVE-2016-2179 | Resource Management Errors vulnerability in multiple products The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. | 7.5 |
2016-08-01 | CVE-2016-2180 | Out-of-bounds Read vulnerability in multiple products The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. | 7.5 |