Vulnerabilities > Openssl > Openssl > 1.1.0a

DATE CVE VULNERABILITY TITLE RISK
2017-05-04 CVE-2016-7054 Improper Access Control vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads.
network
low complexity
openssl CWE-284
5.0
5.0
2017-05-04 CVE-2016-7053 NULL Pointer Dereference vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference.
network
low complexity
openssl CWE-476
5.0
5.0
2016-09-26 CVE-2016-6309 Use After Free vulnerability in Openssl 1.1.0A
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
network
low complexity
openssl CWE-416
critical
 9.8
9.8