Vulnerabilities > Openssl

DATE CVE VULNERABILITY TITLE RISK
2016-09-16 CVE-2016-6302 Improper Input Validation vulnerability in multiple products
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
network
low complexity
openssl oracle CWE-20
7.5
2016-09-16 CVE-2016-2182 Out-of-bounds Write vulnerability in multiple products
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
hp openssl oracle CWE-787
critical
9.8
2016-09-16 CVE-2016-2181 Numeric Errors vulnerability in multiple products
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
network
low complexity
openssl oracle CWE-189
7.5
2016-09-16 CVE-2016-2179 Resource Management Errors vulnerability in multiple products
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
network
low complexity
openssl oracle CWE-399
7.5
2016-09-01 CVE-2016-2183 Information Exposure vulnerability in multiple products
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
network
low complexity
redhat python cisco openssl oracle nodejs CWE-200
7.5
2016-08-01 CVE-2016-2180 Out-of-bounds Read vulnerability in multiple products
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
network
low complexity
openssl oracle CWE-125
7.5
2016-06-20 CVE-2016-2178 Information Exposure Through Discrepancy vulnerability in multiple products
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
5.5
2016-06-20 CVE-2016-2177 Integer Overflow or Wraparound vulnerability in multiple products
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
network
low complexity
hp openssl oracle CWE-190
critical
9.8
2016-05-05 CVE-2016-2176 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
network
low complexity
openssl CWE-119
8.2
2016-05-05 CVE-2016-2109 Resource Management Errors vulnerability in multiple products
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
network
low complexity
openssl redhat CWE-399
7.5