Search for packages
Package details: pkg:alpm/archlinux/openssl@1.0.2.h-1
purl pkg:alpm/archlinux/openssl@1.0.2.h-1
Next non-vulnerable version 1.0.2.k-1
Latest non-vulnerable version 3.1.4-1
Risk 4.5
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-581z-anfk-aaaq
Aliases:
CVE-2016-6302
VC-OPENSSL-20160823-CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-9fjn-9378-aaae
Aliases:
CVE-2016-2179
VC-OPENSSL-20160822-CVE-2016-2179
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-a12s-yyr4-aaad
Aliases:
CVE-2016-2181
VC-OPENSSL-20160819-CVE-2016-2181
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-agz8-77e4-aaaq
Aliases:
CVE-2016-2182
VC-OPENSSL-20160816-CVE-2016-2182
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-bms1-jrax-aaap
Aliases:
CVE-2016-6304
VC-OPENSSL-20160922-CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-eg7n-8h8z-aaaa
Aliases:
CVE-2016-6306
VC-OPENSSL-20160921-CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-kryh-pfgh-aaag
Aliases:
CVE-2016-2177
VC-OPENSSL-20160601-CVE-2016-2177
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-qbz3-r843-aaaf
Aliases:
CVE-2016-2183
VC-OPENSSL-20160824-CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-sgbg-ntsk-aaac
Aliases:
CVE-2016-6303
VC-OPENSSL-20160824-CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-ue1t-xset-aaah
Aliases:
CVE-2016-2180
VC-OPENSSL-20160722-CVE-2016-2180
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
1.0.2.i-1
Affected by 1 other vulnerability.
VCID-z6bg-hyhu-aaas
Aliases:
CVE-2016-2178
VC-OPENSSL-20160607-CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
1.0.2.i-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:20.055719+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:20.035263+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:20.014756+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.994080+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.973454+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.952913+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.932553+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.911821+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.891470+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.870816+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-29 36.0.0
2025-03-28T07:46:19.850170+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-29 36.0.0
2024-10-23T22:18:47.179352+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.153976+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.126216+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.098164+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.072864+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.044650+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:47.019220+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:46.993899+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:46.966408+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:46.938852+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-29 34.0.2
2024-10-23T22:18:46.915649+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-29 34.0.2
2024-09-18T02:01:33.689499+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.667895+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.646141+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.624727+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.598111+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.574393+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.547747+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.521110+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.494602+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.471180+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-29 34.0.1
2024-09-18T02:01:33.418347+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-29 34.0.1
2024-01-30T20:48:36.918698+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.894835+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.870493+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.846877+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.823274+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.801700+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.778307+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.754144+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.728885+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.704612+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-30T20:48:36.679719+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-29 34.0.0rc2
2024-01-03T22:27:41.417976+00:00 Arch Linux Importer Affected by VCID-kryh-pfgh-aaag https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.396568+00:00 Arch Linux Importer Affected by VCID-z6bg-hyhu-aaas https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.375382+00:00 Arch Linux Importer Affected by VCID-9fjn-9378-aaae https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.354119+00:00 Arch Linux Importer Affected by VCID-ue1t-xset-aaah https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.333044+00:00 Arch Linux Importer Affected by VCID-a12s-yyr4-aaad https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.307028+00:00 Arch Linux Importer Affected by VCID-agz8-77e4-aaaq https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.280619+00:00 Arch Linux Importer Affected by VCID-qbz3-r843-aaaf https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.256570+00:00 Arch Linux Importer Affected by VCID-581z-anfk-aaaq https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.232616+00:00 Arch Linux Importer Affected by VCID-sgbg-ntsk-aaac https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.208700+00:00 Arch Linux Importer Affected by VCID-bms1-jrax-aaap https://security.archlinux.org/AVG-29 34.0.0rc1
2024-01-03T22:27:41.182690+00:00 Arch Linux Importer Affected by VCID-eg7n-8h8z-aaaa https://security.archlinux.org/AVG-29 34.0.0rc1