purl | pkg:openssl/openssl@1.0.1b |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1bwf-h8y6-aaar
Aliases: CVE-2015-0206 VC-OPENSSL-20150108-CVE-2015-0206 |
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. |
Affected by 39 other vulnerabilities. |
VCID-1h5d-fnug-aaac
Aliases: CVE-2014-3470 VC-OPENSSL-20140530-CVE-2014-3470 |
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. |
Affected by 59 other vulnerabilities. |
VCID-1pke-t171-aaas
Aliases: CVE-2015-0287 VC-OPENSSL-20150319-CVE-2015-0287 |
ASN.1 structure reuse memory corruption. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-1t6y-1zjy-aaae
Aliases: CVE-2016-0704 VC-OPENSSL-20160301-CVE-2016-0704 |
This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address the vulnerability CVE-2015-0293. s2_srvr.c overwrote the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a Bleichenbacher oracle, and could potentially allow more efficient variants of the DROWN attack. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-2tt7-g7qs-aaae
Aliases: CVE-2014-5139 VC-OPENSSL-20140806-CVE-2014-5139 |
A crash was found affecting SRP ciphersuites used in a Server Hello message. The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This could lead to a Denial of Service. |
Affected by 50 other vulnerabilities. |
VCID-3d3c-x2ux-aaaa
Aliases: CVE-2015-3195 VC-OPENSSL-20151203-CVE-2015-3195 |
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. |
Affected by 22 other vulnerabilities. Affected by 50 other vulnerabilities. |
VCID-42tc-p92q-aaap
Aliases: CVE-2016-2105 VC-OPENSSL-20160503-CVE-2016-2105 |
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. |
Affected by 10 other vulnerabilities. Affected by 37 other vulnerabilities. |
VCID-49hw-yjgb-aaab
Aliases: CVE-2013-4353 VC-OPENSSL-20140106-CVE-2013-4353 |
A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A malicious server could use this flaw to crash a connecting client. This issue only affected OpenSSL 1.0.1 versions. |
Affected by 69 other vulnerabilities. |
VCID-52ea-drta-aaaa
Aliases: CVE-2016-2108 VC-OPENSSL-20160503-CVE-2016-2108 |
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug. However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures. Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations. Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities. |
Affected by 26 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-581z-anfk-aaaq
Aliases: CVE-2016-6302 VC-OPENSSL-20160823-CVE-2016-6302 |
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-5g8u-a3pe-aaan
Aliases: CVE-2014-8275 VC-OPENSSL-20150105-CVE-2014-8275 |
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. |
Affected by 39 other vulnerabilities. |
VCID-68v4-qbae-aaak
Aliases: CVE-2015-3197 VC-OPENSSL-20160128-CVE-2015-3197 |
A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. |
Affected by 21 other vulnerabilities. Affected by 48 other vulnerabilities. |
VCID-69ax-cbdq-aaam
Aliases: CVE-2015-1791 VC-OPENSSL-20150602-CVE-2015-1791 |
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. |
Affected by 27 other vulnerabilities. Affected by 57 other vulnerabilities. |
VCID-6xd4-wjkk-aaak
Aliases: CVE-2014-0224 VC-OPENSSL-20140605-CVE-2014-0224 |
An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. |
Affected by 59 other vulnerabilities. |
VCID-75pz-sunt-aaaa
Aliases: CVE-2015-0209 VC-OPENSSL-20150319-CVE-2015-0209 |
Use After Free following d2i_ECPrivateKey error. A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-77pn-m7ra-aaap
Aliases: CVE-2014-3505 VC-OPENSSL-20140806-CVE-2014-3505 |
A Double Free was found when processing DTLS packets. An attacker can force an error condition which causes OpenSSL to crash whilst processing DTLS packets due to memory being freed twice. This could lead to a Denial of Service attack. |
Affected by 50 other vulnerabilities. |
VCID-7zby-e6xb-aaan
Aliases: CVE-2014-3511 VC-OPENSSL-20140806-CVE-2014-3511 |
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. |
Affected by 50 other vulnerabilities. |
VCID-88dn-xmg2-aaab
Aliases: CVE-2014-0195 VC-OPENSSL-20140605-CVE-2014-0195 |
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server are affected. |
Affected by 59 other vulnerabilities. |
VCID-8c1z-2ue1-aaaj
Aliases: CVE-2013-0169 VC-OPENSSL-20130204-CVE-2013-0169 |
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could lead to plaintext recovery by exploiting timing differences arising during MAC processing. |
Affected by 72 other vulnerabilities. |
VCID-8xeh-vwwg-aaak
Aliases: CVE-2014-3508 VC-OPENSSL-20140806-CVE-2014-3508 |
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_NAME_oneline and X509_NAME_print_ex to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. |
Affected by 50 other vulnerabilities. |
VCID-914k-6fj2-aaac
Aliases: CVE-2015-0286 VC-OPENSSL-20150319-CVE-2015-0286 |
Segmentation fault in ASN1_TYPE_cmp. The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-9few-spp9-aaag
Aliases: CVE-2015-0293 VC-OPENSSL-20150319-CVE-2015-0293 |
DoS via reachable assert in SSLv2 servers. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-9fjn-9378-aaae
Aliases: CVE-2016-2179 VC-OPENSSL-20160822-CVE-2016-2179 |
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-9wtw-93e9-aaam
Aliases: CVE-2016-0799 VC-OPENSSL-20160301-CVE-2016-0799 |
The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data are passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-a12s-yyr4-aaad
Aliases: CVE-2016-2181 VC-OPENSSL-20160819-CVE-2016-2181 |
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-agz8-77e4-aaaq
Aliases: CVE-2016-2182 VC-OPENSSL-20160816-CVE-2016-2182 |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-amba-4zuy-aaap
Aliases: CVE-2014-3571 VC-OPENSSL-20150105-CVE-2014-3571 |
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. |
Affected by 39 other vulnerabilities. |
VCID-arc3-rhts-aaar
Aliases: CVE-2015-1792 VC-OPENSSL-20150611-CVE-2015-1792 |
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. |
Affected by 27 other vulnerabilities. Affected by 57 other vulnerabilities. |
VCID-bms1-jrax-aaap
Aliases: CVE-2016-6304 VC-OPENSSL-20160922-CVE-2016-6304 |
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 22 other vulnerabilities. |
VCID-bsap-s527-aaaj
Aliases: CVE-2015-0289 VC-OPENSSL-20150319-CVE-2015-0289 |
PKCS#7 NULL pointer dereference. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-bydn-b3ub-aaah
Aliases: CVE-2013-6449 VC-OPENSSL-20131214-CVE-2013-6449 |
A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. |
Affected by 69 other vulnerabilities. |
VCID-cg17-ah7e-aaag
Aliases: CVE-2016-2107 VC-OPENSSL-20160503-CVE-2016-2107 |
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. |
Affected by 10 other vulnerabilities. Affected by 37 other vulnerabilities. |
VCID-ch34-h9ey-aaam
Aliases: CVE-2014-0221 VC-OPENSSL-20140605-CVE-2014-0221 |
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. |
Affected by 59 other vulnerabilities. |
VCID-dhsz-kcke-aaan
Aliases: CVE-2014-3572 VC-OPENSSL-20150105-CVE-2014-3572 |
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. |
Affected by 39 other vulnerabilities. |
VCID-e7ep-2kks-aaad
Aliases: CVE-2014-0076 VC-OPENSSL-20140214-CVE-2014-0076 |
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" |
Affected by 67 other vulnerabilities. |
VCID-eg7n-8h8z-aaaa
Aliases: CVE-2016-6306 VC-OPENSSL-20160921-CVE-2016-6306 |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-egbc-ecck-aaag
Aliases: CVE-2016-2109 VC-OPENSSL-20160503-CVE-2016-2109 |
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. |
Affected by 10 other vulnerabilities. Affected by 37 other vulnerabilities. |
VCID-ejg3-awxf-aaan
Aliases: CVE-2016-0705 VC-OPENSSL-20160301-CVE-2016-0705 |
A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-ftte-av19-aaad
Aliases: CVE-2016-0703 VC-OPENSSL-20160301-CVE-2016-0703 |
This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they *displace* encrypted-key bytes. This leads to an efficient divide-and-conquer key recovery attack: if an eavesdropper has intercepted an SSLv2 handshake, they can use the server as an oracle to determine the SSLv2 master-key, using only 16 connections to the server and negligible computation. More importantly, this leads to a more efficient version of DROWN that is effective against non-export ciphersuites, and requires no significant computation. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-gp3a-7m39-aaam
Aliases: CVE-2015-3194 VC-OPENSSL-20151203-CVE-2015-3194 |
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. |
Affected by 22 other vulnerabilities. Affected by 50 other vulnerabilities. |
VCID-gydy-46kx-aaaf
Aliases: CVE-2015-1789 VC-OPENSSL-20150611-CVE-2015-1789 |
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. |
Affected by 27 other vulnerabilities. Affected by 57 other vulnerabilities. |
VCID-h9w2-2k7p-aaae
Aliases: CVE-2012-2333 VC-OPENSSL-20120510-CVE-2012-2333 |
An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled TLS 1.1, TLS 1.2, and DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious TLS 1.1, TLS 1.2, or DTLS client or server could use this flaw to crash its connection peer. |
Affected by 75 other vulnerabilities. |
VCID-hzh3-5uc4-aaap
Aliases: CVE-2015-3196 VC-OPENSSL-20151203-CVE-2015-3196 |
If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identity hint data. |
Affected by 24 other vulnerabilities. Affected by 54 other vulnerabilities. |
VCID-k2k5-a2cd-aaac
Aliases: CVE-2014-0198 VC-OPENSSL-20140421-CVE-2014-0198 |
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. |
Affected by 59 other vulnerabilities. |
VCID-kay4-6j1g-aaas
Aliases: CVE-2014-3513 VC-OPENSSL-20141015-CVE-2014-3513 |
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. |
Affected by 47 other vulnerabilities. |
VCID-kna9-u4rt-aaar
Aliases: CVE-2014-3507 VC-OPENSSL-20140806-CVE-2014-3507 |
A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. |
Affected by 50 other vulnerabilities. |
VCID-kryh-pfgh-aaag
Aliases: CVE-2016-2177 VC-OPENSSL-20160601-CVE-2016-2177 |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-m4nz-uw2e-aaaq
Aliases: CVE-2016-0798 VC-OPENSSL-20160301-CVE-2016-0798 |
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-nemw-6d8n-aaah
Aliases: CVE-2014-3567 VC-OPENSSL-20141015-CVE-2014-3567 |
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. |
Affected by 47 other vulnerabilities. |
VCID-qnz6-p4f5-aaag
Aliases: CVE-2015-0205 VC-OPENSSL-20150108-CVE-2015-0205 |
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. |
Affected by 39 other vulnerabilities. |
VCID-rhab-a2ya-aaae
Aliases: CVE-2015-1788 VC-OPENSSL-20150611-CVE-2015-1788 |
When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. |
Affected by 27 other vulnerabilities. Affected by 57 other vulnerabilities. |
VCID-rr5p-edvp-aaar
Aliases: CVE-2014-3506 VC-OPENSSL-20140806-CVE-2014-3506 |
A DTLS flaw leading to memory exhaustion was found. An attacker can force OpenSSL to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. |
Affected by 50 other vulnerabilities. |
VCID-sgbg-ntsk-aaac
Aliases: CVE-2016-6303 VC-OPENSSL-20160824-CVE-2016-6303 |
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-sya7-pd7p-aaaa
Aliases: CVE-2014-3510 VC-OPENSSL-20140806-CVE-2014-3510 |
A flaw in handling DTLS anonymous EC(DH) ciphersuites was found. OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. |
Affected by 50 other vulnerabilities. |
VCID-t9zu-eqq1-aaag
Aliases: CVE-2016-0702 VC-OPENSSL-20160301-CVE-2016-0702 |
A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper-threaded core as the victim thread which is performing decryptions. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-tc8g-det5-aaad
Aliases: CVE-2015-1790 VC-OPENSSL-20150611-CVE-2015-1790 |
The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. |
Affected by 27 other vulnerabilities. Affected by 57 other vulnerabilities. |
VCID-te3m-wuz7-aaam
Aliases: CVE-2014-3509 VC-OPENSSL-20140806-CVE-2014-3509 |
A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. |
Affected by 50 other vulnerabilities. |
VCID-tvpy-7bfy-aaad
Aliases: CVE-2012-2686 VC-OPENSSL-20130205-CVE-2012-2686 |
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. |
Affected by 72 other vulnerabilities. |
VCID-ue1t-xset-aaah
Aliases: CVE-2016-2180 VC-OPENSSL-20160722-CVE-2016-2180 |
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-uh6s-bvxe-aaaf
Aliases: CVE-2016-0797 VC-OPENSSL-20160301-CVE-2016-0797 |
In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. All OpenSSL internal usage of these functions uses data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-vc6g-hwkh-aaas
Aliases: VC-OPENSSL-20141015 |
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566). See also https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 and https://www.openssl.org/~bodo/ssl-poodle.pdf |
Affected by 47 other vulnerabilities. |
VCID-vqn2-4c3d-aaab
Aliases: CVE-2013-6450 VC-OPENSSL-20131213-CVE-2013-6450 |
A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. This is not a vulnerability for OpenSSL prior to 1.0.0. |
Affected by 69 other vulnerabilities. |
VCID-vu6d-q79f-aaaa
Aliases: CVE-2013-0166 VC-OPENSSL-20130205-CVE-2013-0166 |
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. |
Affected by 72 other vulnerabilities. |
VCID-vvuz-hvfa-aaae
Aliases: CVE-2014-3570 VC-OPENSSL-20150108-CVE-2014-3570 |
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined: *) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. *) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. *) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. *) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved. |
Affected by 39 other vulnerabilities. |
VCID-vz46-gfhm-aaap
Aliases: CVE-2016-0800 VC-OPENSSL-20160301-CVE-2016-0800 |
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN: SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. 
Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
VCID-wdvv-5wyx-aaaa
Aliases: CVE-2016-2176 VC-OPENSSL-20160503-CVE-2016-2176 |
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. |
Affected by 10 other vulnerabilities. Affected by 37 other vulnerabilities. |
VCID-xmkv-s3ye-aaae
Aliases: CVE-2015-0204 VC-OPENSSL-20150106-CVE-2015-0204 |
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. |
Affected by 39 other vulnerabilities. |
VCID-xrv3-gt8k-aaak
Aliases: CVE-2015-0292 VC-OPENSSL-20150319-CVE-2015-0292 |
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base64 data could trigger a segmentation fault or memory corruption. |
Affected by 59 other vulnerabilities. |
VCID-xsy7-be4x-aaas
Aliases: CVE-2016-2106 VC-OPENSSL-20160503-CVE-2016-2106 |
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. |
Affected by 10 other vulnerabilities. Affected by 37 other vulnerabilities. |
VCID-y49b-wcn4-aaaa
Aliases: CVE-2015-0288 VC-OPENSSL-20150302-CVE-2015-0288 |
X509_to_X509_REQ NULL pointer deref. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. |
Affected by 31 other vulnerabilities. Affected by 59 other vulnerabilities. |
VCID-yndp-nypz-aaam
Aliases: CVE-2014-3512 VC-OPENSSL-20140806-CVE-2014-3512 |
An SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. |
Affected by 50 other vulnerabilities. |
VCID-z47s-afyn-aaak
Aliases: CVE-2010-5298 VC-OPENSSL-20140408-CVE-2010-5298 |
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. |
Affected by 59 other vulnerabilities. |
VCID-z6bg-hyhu-aaas
Aliases: CVE-2016-2178 VC-OPENSSL-20160607-CVE-2016-2178 |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. |
Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-z8sc-rus1-aaae
Aliases: CVE-2014-3568 VC-OPENSSL-20141015-CVE-2014-3568 |
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be configured to send them. |
Affected by 47 other vulnerabilities. |
VCID-zenr-u2eq-aaap
Aliases: CVE-2014-0160 VC-OPENSSL-20140407-CVE-2014-0160 |
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server (a.k.a. Heartbleed). This issue did not affect versions of OpenSSL prior to 1.0.1. |
Affected by 67 other vulnerabilities. |
VCID-zkqe-jrqc-aaab
Aliases: CVE-2014-8176 VC-OPENSSL-20150611-CVE-2014-8176 |
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption. |
Affected by 59 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-01-03T20:01:54.369445+00:00 | OpenSSL Importer | Affected by | VCID-1h5d-fnug-aaac | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:54.097666+00:00 | OpenSSL Importer | Affected by | VCID-z47s-afyn-aaak | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:53.970910+00:00 | OpenSSL Importer | Affected by | VCID-k2k5-a2cd-aaac | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:53.843965+00:00 | OpenSSL Importer | Affected by | VCID-88dn-xmg2-aaab | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:53.650713+00:00 | OpenSSL Importer | Affected by | VCID-ch34-h9ey-aaam | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:53.380949+00:00 | OpenSSL Importer | Affected by | VCID-6xd4-wjkk-aaak | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:53.119543+00:00 | OpenSSL Importer | Affected by | VCID-zenr-u2eq-aaap | https://www.openssl.org/news/secadv/20140407.txt | 34.0.0rc1 |
2024-01-03T20:01:53.060853+00:00 | OpenSSL Importer | Affected by | VCID-e7ep-2kks-aaad | https://www.openssl.org/news/secadv/20140605.txt | 34.0.0rc1 |
2024-01-03T20:01:52.790756+00:00 | OpenSSL Importer | Affected by | VCID-49hw-yjgb-aaab | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:52.745737+00:00 | OpenSSL Importer | Affected by | VCID-bydn-b3ub-aaah | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:52.700038+00:00 | OpenSSL Importer | Affected by | VCID-vqn2-4c3d-aaab | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:52.593441+00:00 | OpenSSL Importer | Affected by | VCID-vu6d-q79f-aaaa | https://www.openssl.org/news/secadv/20130205.txt | 34.0.0rc1 |
2024-01-03T20:01:52.357741+00:00 | OpenSSL Importer | Affected by | VCID-tvpy-7bfy-aaad | https://www.openssl.org/news/secadv/20130205.txt | 34.0.0rc1 |
2024-01-03T20:01:52.318421+00:00 | OpenSSL Importer | Affected by | VCID-8c1z-2ue1-aaaj | https://www.openssl.org/news/secadv/20130205.txt | 34.0.0rc1 |
2024-01-03T20:01:52.091809+00:00 | OpenSSL Importer | Affected by | VCID-h9w2-2k7p-aaae | https://www.openssl.org/news/secadv/20120510.txt | 34.0.0rc1 |
2024-01-03T20:01:46.847616+00:00 | OpenSSL Importer | Affected by | VCID-yndp-nypz-aaam | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:46.784612+00:00 | OpenSSL Importer | Affected by | VCID-7zby-e6xb-aaan | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:46.718279+00:00 | OpenSSL Importer | Affected by | VCID-sya7-pd7p-aaaa | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:46.437857+00:00 | OpenSSL Importer | Affected by | VCID-kna9-u4rt-aaar | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:46.230225+00:00 | OpenSSL Importer | Affected by | VCID-rr5p-edvp-aaar | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:45.945043+00:00 | OpenSSL Importer | Affected by | VCID-77pn-m7ra-aaap | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:45.720028+00:00 | OpenSSL Importer | Affected by | VCID-te3m-wuz7-aaam | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:45.578876+00:00 | OpenSSL Importer | Affected by | VCID-2tt7-g7qs-aaae | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:45.509804+00:00 | OpenSSL Importer | Affected by | VCID-8xeh-vwwg-aaak | https://www.openssl.org/news/secadv/20140806.txt | 34.0.0rc1 |
2024-01-03T20:01:45.218390+00:00 | OpenSSL Importer | Affected by | VCID-z8sc-rus1-aaae | https://www.openssl.org/news/secadv/20141015.txt | 34.0.0rc1 |
2024-01-03T20:01:44.913838+00:00 | OpenSSL Importer | Affected by | VCID-vc6g-hwkh-aaas | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:44.631283+00:00 | OpenSSL Importer | Affected by | VCID-nemw-6d8n-aaah | https://www.openssl.org/news/secadv/20141015.txt | 34.0.0rc1 |
2024-01-03T20:01:44.360936+00:00 | OpenSSL Importer | Affected by | VCID-kay4-6j1g-aaas | https://www.openssl.org/news/secadv/20141015.txt | 34.0.0rc1 |
2024-01-03T20:01:44.275554+00:00 | OpenSSL Importer | Affected by | VCID-vvuz-hvfa-aaae | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:43.950314+00:00 | OpenSSL Importer | Affected by | VCID-5g8u-a3pe-aaan | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:43.631168+00:00 | OpenSSL Importer | Affected by | VCID-qnz6-p4f5-aaag | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:43.463048+00:00 | OpenSSL Importer | Affected by | VCID-xmkv-s3ye-aaae | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:43.147104+00:00 | OpenSSL Importer | Affected by | VCID-amba-4zuy-aaap | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:42.821528+00:00 | OpenSSL Importer | Affected by | VCID-dhsz-kcke-aaan | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:42.439930+00:00 | OpenSSL Importer | Affected by | VCID-1bwf-h8y6-aaar | https://www.openssl.org/news/secadv/20150108.txt | 34.0.0rc1 |
2024-01-03T20:01:42.242265+00:00 | OpenSSL Importer | Affected by | VCID-y49b-wcn4-aaaa | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:41.864852+00:00 | OpenSSL Importer | Affected by | VCID-75pz-sunt-aaaa | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:41.450823+00:00 | OpenSSL Importer | Affected by | VCID-9few-spp9-aaag | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:41.130485+00:00 | OpenSSL Importer | Affected by | VCID-xrv3-gt8k-aaak | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:40.818220+00:00 | OpenSSL Importer | Affected by | VCID-bsap-s527-aaaj | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:40.439768+00:00 | OpenSSL Importer | Affected by | VCID-1pke-t171-aaas | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:40.030168+00:00 | OpenSSL Importer | Affected by | VCID-914k-6fj2-aaac | https://www.openssl.org/news/secadv/20150319.txt | 34.0.0rc1 |
2024-01-03T20:01:39.766415+00:00 | OpenSSL Importer | Affected by | VCID-zkqe-jrqc-aaab | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:39.438907+00:00 | OpenSSL Importer | Affected by | VCID-69ax-cbdq-aaam | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:39.041994+00:00 | OpenSSL Importer | Affected by | VCID-arc3-rhts-aaar | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:38.648959+00:00 | OpenSSL Importer | Affected by | VCID-tc8g-det5-aaad | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:38.263146+00:00 | OpenSSL Importer | Affected by | VCID-gydy-46kx-aaaf | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:37.873643+00:00 | OpenSSL Importer | Affected by | VCID-rhab-a2ya-aaae | https://www.openssl.org/news/secadv/20150611.txt | 34.0.0rc1 |
2024-01-03T20:01:37.533378+00:00 | OpenSSL Importer | Affected by | VCID-hzh3-5uc4-aaap | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |
2024-01-03T20:01:37.272930+00:00 | OpenSSL Importer | Affected by | VCID-3d3c-x2ux-aaaa | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |
2024-01-03T20:01:36.839954+00:00 | OpenSSL Importer | Affected by | VCID-gp3a-7m39-aaam | https://www.openssl.org/news/secadv/20151203.txt | 34.0.0rc1 |
2024-01-03T20:01:36.608126+00:00 | OpenSSL Importer | Affected by | VCID-68v4-qbae-aaak | https://www.openssl.org/news/secadv/20160128.txt | 34.0.0rc1 |
2024-01-03T20:01:36.459266+00:00 | OpenSSL Importer | Affected by | VCID-1t6y-1zjy-aaae | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:36.086810+00:00 | OpenSSL Importer | Affected by | VCID-ftte-av19-aaad | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:35.624970+00:00 | OpenSSL Importer | Affected by | VCID-t9zu-eqq1-aaag | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:35.459479+00:00 | OpenSSL Importer | Affected by | VCID-9wtw-93e9-aaam | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:35.301324+00:00 | OpenSSL Importer | Affected by | VCID-uh6s-bvxe-aaaf | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:35.124097+00:00 | OpenSSL Importer | Affected by | VCID-m4nz-uw2e-aaaq | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:34.962236+00:00 | OpenSSL Importer | Affected by | VCID-ejg3-awxf-aaan | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:34.783003+00:00 | OpenSSL Importer | Affected by | VCID-vz46-gfhm-aaap | https://www.openssl.org/news/secadv/20160301.txt | 34.0.0rc1 |
2024-01-03T20:01:34.607485+00:00 | OpenSSL Importer | Affected by | VCID-wdvv-5wyx-aaaa | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.437738+00:00 | OpenSSL Importer | Affected by | VCID-egbc-ecck-aaag | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.267224+00:00 | OpenSSL Importer | Affected by | VCID-xsy7-be4x-aaas | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.095494+00:00 | OpenSSL Importer | Affected by | VCID-42tc-p92q-aaap | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:33.923268+00:00 | OpenSSL Importer | Affected by | VCID-cg17-ah7e-aaag | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:33.797984+00:00 | OpenSSL Importer | Affected by | VCID-52ea-drta-aaaa | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:33.556984+00:00 | OpenSSL Importer | Affected by | VCID-eg7n-8h8z-aaaa | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:33.367031+00:00 | OpenSSL Importer | Affected by | VCID-a12s-yyr4-aaad | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:33.175469+00:00 | OpenSSL Importer | Affected by | VCID-9fjn-9378-aaae | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.988922+00:00 | OpenSSL Importer | Affected by | VCID-z6bg-hyhu-aaas | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.801138+00:00 | OpenSSL Importer | Affected by | VCID-kryh-pfgh-aaag | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.612474+00:00 | OpenSSL Importer | Affected by | VCID-ue1t-xset-aaah | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.430193+00:00 | OpenSSL Importer | Affected by | VCID-agz8-77e4-aaaq | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.248194+00:00 | OpenSSL Importer | Affected by | VCID-581z-anfk-aaaq | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.053704+00:00 | OpenSSL Importer | Affected by | VCID-sgbg-ntsk-aaac | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:31.795203+00:00 | OpenSSL Importer | Affected by | VCID-bms1-jrax-aaap | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |