Search for packages
Package details: pkg:alpm/archlinux/lib32-openssl@1:1.0.2.h-1
purl pkg:alpm/archlinux/lib32-openssl@1:1.0.2.h-1
Next non-vulnerable version 1:1.0.2.k-1
Latest non-vulnerable version 1:3.1.4-1
Risk 4.5
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-581z-anfk-aaaq
Aliases:
CVE-2016-6302
VC-OPENSSL-20160823-CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-9fjn-9378-aaae
Aliases:
CVE-2016-2179
VC-OPENSSL-20160822-CVE-2016-2179
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-a12s-yyr4-aaad
Aliases:
CVE-2016-2181
VC-OPENSSL-20160819-CVE-2016-2181
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-agz8-77e4-aaaq
Aliases:
CVE-2016-2182
VC-OPENSSL-20160816-CVE-2016-2182
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-bms1-jrax-aaap
Aliases:
CVE-2016-6304
VC-OPENSSL-20160922-CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-eg7n-8h8z-aaaa
Aliases:
CVE-2016-6306
VC-OPENSSL-20160921-CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-kryh-pfgh-aaag
Aliases:
CVE-2016-2177
VC-OPENSSL-20160601-CVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-qbz3-r843-aaaf
Aliases:
CVE-2016-2183
VC-OPENSSL-20160824-CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-sgbg-ntsk-aaac
Aliases:
CVE-2016-6303
VC-OPENSSL-20160824-CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-ue1t-xset-aaah
Aliases:
CVE-2016-2180
VC-OPENSSL-20160722-CVE-2016-2180
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
1:1.0.2.i-1
Affected by 1 other vulnerability.
VCID-z6bg-hyhu-aaas
Aliases:
CVE-2016-2178
VC-OPENSSL-20160607-CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
1:1.0.2.i-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:19.829211+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.808668+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.788022+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.767132+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.746365+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.725899+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.705008+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.684497+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.663811+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.643286+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-30 36.0.0
2025-03-28T07:46:19.621973+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-30 36.0.0
2024-10-23T22:18:46.891014+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.868237+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.845636+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.822986+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.799323+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.775635+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.752725+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.729664+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.706884+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.683477+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-30 34.0.2
2024-10-23T22:18:46.653410+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-30 34.0.2
2024-09-18T02:01:33.391319+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.364927+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.338491+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.313934+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.279025+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.245359+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.213109+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.131862+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:33.059059+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:32.969433+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-30 34.0.1
2024-09-18T02:01:32.820721+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-30 34.0.1
2024-04-28T07:57:46.382608+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.361656+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.338240+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.313870+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.288915+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.267363+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.245223+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.220373+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.198981+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.175929+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-30 34.0.0rc4
2024-04-28T07:57:46.152926+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-30 34.0.0rc4
2024-01-03T22:27:41.158462+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.136725+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.115246+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.094086+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.072712+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.048101+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:41.026927+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:40.997407+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:40.970031+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:40.943859+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-30 34.0.0rc1
2024-01-03T22:27:40.917659+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-30 34.0.0rc1