Search for packages
| purl | pkg:openssl/openssl@1.0.0h |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3d3c-x2ux-aaaa
Aliases: CVE-2015-3195 VC-OPENSSL-20151203-CVE-2015-3195 |
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. |
Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. Affected by 50 other vulnerabilities. |
|
VCID-hzh3-5uc4-aaap
Aliases: CVE-2015-3196 VC-OPENSSL-20151203-CVE-2015-3196 |
If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data. |
Affected by 0 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 54 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-phs7-u4c9-aaah | A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). Only users of CMS, PKCS #7, or S/MIME decryption operations are affected, SSL/TLS applications are not affected by this issue. |
CVE-2012-0884
VC-OPENSSL-20120312-CVE-2012-0884 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:51.560662+00:00 | OpenSSL Importer | Fixing | VCID-phs7-u4c9-aaah | https://www.openssl.org/news/secadv/20120312.txt | 34.0.0rc1 |
| 2024-01-03T20:01:37.452825+00:00 | OpenSSL Importer | Affected by | VCID-hzh3-5uc4-aaap | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |
| 2024-01-03T20:01:37.185350+00:00 | OpenSSL Importer | Affected by | VCID-3d3c-x2ux-aaaa | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |