Package details: pkg:openssl/openssl@0.9.8zg
purl pkg:openssl/openssl@0.9.8zg
Next non-vulnerable version 0.9.8zh
Latest non-vulnerable version 3.0.7
Risk 4.0
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3d3c-x2ux-aaaa (Aliases: CVE-2015-3195, VC-OPENSSL-20151203-CVE-2015-3195) | When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. | 0.9.8zh (affected by 0 other vulnerabilities); 1.0.0t (affected by 0 other vulnerabilities); 1.0.1q (affected by 22 other vulnerabilities); 1.0.2e (affected by 50 other vulnerabilities) |
Vulnerabilities fixed by this package (4)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-69ax-cbdq-aaam | If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. | CVE-2015-1791, VC-OPENSSL-20150602-CVE-2015-1791 |
| VCID-arc3-rhts-aaar | When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. | CVE-2015-1792, VC-OPENSSL-20150611-CVE-2015-1792 |
| VCID-gydy-46kx-aaaf | X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. | CVE-2015-1789, VC-OPENSSL-20150611-CVE-2015-1789 |
| VCID-tc8g-det5-aaad | The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. | CVE-2015-1790, VC-OPENSSL-20150611-CVE-2015-1790 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:39.309309+00:00 | OpenSSL Importer | Fixing | VCID-69ax-cbdq-aaam | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
| 2024-01-03T20:01:38.914006+00:00 | OpenSSL Importer | Fixing | VCID-arc3-rhts-aaar | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
| 2024-01-03T20:01:38.524755+00:00 | OpenSSL Importer | Fixing | VCID-tc8g-det5-aaad | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
| 2024-01-03T20:01:38.135299+00:00 | OpenSSL Importer | Fixing | VCID-gydy-46kx-aaaf | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
| 2024-01-03T20:01:37.127249+00:00 | OpenSSL Importer | Affected by | VCID-3d3c-x2ux-aaaa | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |