Vendor Dictionary: The OpenSSL Project

The OpenSSL Project

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

The OpenSSL Project

The OpenSSL Project

OpenSSL: 0.9.7; OSVDB ID: 29260 OpenSSL Malformed ASN.1 Structure Resource Consumption DoS; OSVDB ID: 29261 OpenSSL Crafted Public Key CPU Consumption DoS; OSVDB ID: 29263 OpenSSL SSLv2 get_server_hello Function Remote DoS; OSVDB ID: 29262 OpenSSL SSL_get_shared_ciphers Function Unspecified Remote Overflow; 0.9.8; OSVDB ID: 29260 OpenSSL Malformed ASN.1 Structure Resource Consumption DoS; OSVDB ID: 29261 OpenSSL Crafted Public Key CPU Consumption DoS; OSVDB ID: 29263 OpenSSL SSLv2 get_server_hello Function Remote DoS; OSVDB ID: 29262 OpenSSL SSL_get_shared_ciphers Function Unspecified Remote Overflow; 1.0.0; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 1.0.1; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; OSVDB ID: 82110 OpenSSL BUF_mem_grow* Functions Overflow; OSVDB ID: 81223 OpenSSL asn1_d2i_read_bio() Function DER Data Parsing Remote Overflow; 0.9.8f; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8g; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8h; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8i; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8j; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8k; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8l; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8m; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8n; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8o; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 69265 OpenSSL TLS Server ssl/t1_lib.c Extension Parsing Race Condition Overflow; 0.9.8p; OSVDB ID: 69657 OpenSSL J-PAKE Public Parameter Validation Shared Secret Authentication Bypass; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 1.0.0b; OSVDB ID: 69657 OpenSSL J-PAKE Public Parameter Validation Shared Secret Authentication Bypass; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; 0.9.8q; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 1.0.0c; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; 1.0.0a; OSVDB ID: 70847 OpenSSL ClientHello Handshake Message Parsing Invalid Memory Access; Unspecified; OSVDB ID: 71845 OpenSSL FIPS Mode Diffie-Hellman Key Exchange Predictable Secret MiTM Weakness; 1.0.0f; OSVDB ID: 78320 OpenSSL DTLS Unspecified Remote DoS; 0.9.8s; OSVDB ID: 78320 OpenSSL DTLS Unspecified Remote DoS; 0.9.8u; OSVDB ID: 81223 OpenSSL asn1_d2i_read_bio() Function DER Data Parsing Remote Overflow; 1.0.0h; OSVDB ID: 81223 OpenSSL asn1_d2i_read_bio() Function DER Data Parsing Remote Overflow; 1.0.0g; OSVDB ID: 80039 OpenSSL CMS / PKCS #7 Million Message Attack (MMA) Data Decryption Weakness; OSVDB ID: 80040 OpenSSL crypto/asn1/asn_mime.c mime_param_cmp() Function MIME Header Parsing Remote DoS; 0.9.8t; OSVDB ID: 80039 OpenSSL CMS / PKCS #7 Million Message Attack (MMA) Data Decryption Weakness; 0.9.8t; OSVDB ID: 80040 OpenSSL crypto/asn1/asn_mime.c mime_param_cmp() Function MIME Header Parsing Remote DoS; 1.0.1b; OSVDB ID: 81810 OpenSSL CBC Encryption DTLS Packet TLS Record Length Parsing Remote DoS; 1.0.0i; OSVDB ID: 81810 OpenSSL CBC Encryption DTLS Packet TLS Record Length Parsing Remote DoS; 0.9.8w; OSVDB ID: 81810 OpenSSL CBC Encryption DTLS Packet TLS Record Length Parsing Remote DoS; 1.0.1; 1.0.1a; OSVDB ID: 84390 OpenSSL SSL_OP_ALL Option TLS Protocol Rollback Weakness; 0.9.8r; OSVDB ID: 78186 OpenSSL Datagram Transport Layer Security (DTLS) CBC Encryption Weakness Plaintext Information Disclosure; OSVDB ID: 78189 OpenSSL RFC 3779 Certificate Data Parsing Assertion Failure Remote DoS; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; OSVDB ID: 78188 OpenSSL SSL 3.0 Record Cipher Padding Uninitialized Memory Information Disclosure; OSVDB ID: 78190 OpenSSL Server Gated Cryptography (SGC) Handshake Restart Handling Remote DoS; 1.0.0e; OSVDB ID: 78186 OpenSSL Datagram Transport Layer Security (DTLS) CBC Encryption Weakness Plaintext Information Disclosure; OSVDB ID: 78189 OpenSSL RFC 3779 Certificate Data Parsing Assertion Failure Remote DoS; OSVDB ID: 78191 OpenSSL GOST ENGINE Parameter Parsing Remote DoS; OSVDB ID: 78188 OpenSSL SSL 3.0 Record Cipher Padding Uninitialized Memory Information Disclosure; OSVDB ID: 78190 OpenSSL Server Gated Cryptography (SGC) Handshake Restart Handling Remote DoS; 0.9.8a; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8b; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8c; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8d; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8e; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8f; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8g; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8h; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8i; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8j; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8n; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8o; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8k; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8l; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8m; OSVDB ID: 78187 OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness; 0.9.8x; OSVDB ID: 78191 OpenSSL GOST ENGINE Parameter Parsing Remote DoS; 1.0.1c; OSVDB ID: 89849 TLS / DTLS Protocol CBC-mode Ciphersuite Distinguishing Attack Information Disclosure Weakness; OSVDB ID: 89865 OpenSSL OCSP Response Verification Handling Remote DoS; OSVDB ID: 89866 OpenSSL AES-NI CBC Ciphersuite Handling Remote DoS; OSVDB ID: 89848 TLS / DTLS Protocol CBC-mode Ciphersuite Timing Analysis Plaintext Recovery Cryptanalysis Attack; 1.0.0j; OSVDB ID: 89849 TLS / DTLS Protocol CBC-mode Ciphersuite Distinguishing Attack Information Disclosure Weakness; OSVDB ID: 89865 OpenSSL OCSP Response Verification Handling Remote DoS; OSVDB ID: 89848 TLS / DTLS Protocol CBC-mode Ciphersuite Timing Analysis Plaintext Recovery Cryptanalysis Attack; 0.9.8x; OSVDB ID: 89849 TLS / DTLS Protocol CBC-mode Ciphersuite Distinguishing Attack Information Disclosure Weakness; OSVDB ID: 89865 OpenSSL OCSP Response Verification Handling Remote DoS; OSVDB ID: 89848 TLS / DTLS Protocol CBC-mode Ciphersuite Timing Analysis Plaintext Recovery Cryptanalysis Attack; 1.0.1c; 1.0.0j; 0.9.8x; 1.0.1c; 1.0.0j; 0.9.8x; 1.0.1c

OpenSSL Command Line Utility: 1.0.1; OSVDB ID: 82474 OpenSSL Command Line Utility Signing Certificate Password Handling Local Overflow

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.