Vulnerabilities > Openssl

DATE CVE VULNERABILITY TITLE RISK
2017-12-07 CVE-2017-3738 Information Exposure vulnerability in multiple products
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.
network
high complexity
openssl debian nodejs CWE-200
5.9
2017-12-07 CVE-2017-3737 Out-of-bounds Write vulnerability in multiple products
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism.
network
high complexity
openssl debian CWE-787
5.9
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2017-11-02 CVE-2017-3736 Information Exposure vulnerability in Openssl
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g.
network
low complexity
openssl CWE-200
6.5
2017-08-28 CVE-2017-3735 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread.
network
low complexity
openssl debian CWE-119
5.3
2017-05-04 CVE-2016-7055 There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits.
network
high complexity
openssl nodejs
5.9
2017-05-04 CVE-2017-3733 Improper Input Validation vulnerability in multiple products
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite).
network
low complexity
openssl hp CWE-20
7.5
2017-05-04 CVE-2017-3732 Information Exposure vulnerability in multiple products
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d.
network
high complexity
openssl nodejs CWE-200
5.9
2017-05-04 CVE-2017-3731 Out-of-bounds Read vulnerability in multiple products
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.
network
low complexity
openssl nodejs CWE-125
7.5
2017-05-04 CVE-2017-3730 NULL Pointer Dereference vulnerability in multiple products
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash.
network
low complexity
openssl oracle CWE-476
7.5