purl | pkg:openssl/openssl@1.0.1t |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-581z-anfk-aaaq; Aliases: CVE-2016-6302, VC-OPENSSL-20160823-CVE-2016-6302 | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-9fjn-9378-aaae; Aliases: CVE-2016-2179, VC-OPENSSL-20160822-CVE-2016-2179 | The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-a12s-yyr4-aaad; Aliases: CVE-2016-2181, VC-OPENSSL-20160819-CVE-2016-2181 | The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-agz8-77e4-aaaq; Aliases: CVE-2016-2182, VC-OPENSSL-20160816-CVE-2016-2182 | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-bms1-jrax-aaap; Aliases: CVE-2016-6304, VC-OPENSSL-20160922-CVE-2016-6304 | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 22 other vulnerabilities. |
VCID-eg7n-8h8z-aaaa; Aliases: CVE-2016-6306, VC-OPENSSL-20160921-CVE-2016-6306 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-kryh-pfgh-aaag; Aliases: CVE-2016-2177, VC-OPENSSL-20160601-CVE-2016-2177 | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-sgbg-ntsk-aaac; Aliases: CVE-2016-6303, VC-OPENSSL-20160824-CVE-2016-6303 | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-ue1t-xset-aaah; Aliases: CVE-2016-2180, VC-OPENSSL-20160722-CVE-2016-2180 | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
VCID-z6bg-hyhu-aaas; Aliases: CVE-2016-2178, VC-OPENSSL-20160607-CVE-2016-2178 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-42tc-p92q-aaap | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | CVE-2016-2105, VC-OPENSSL-20160503-CVE-2016-2105 |
VCID-cg17-ah7e-aaag | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | CVE-2016-2107, VC-OPENSSL-20160503-CVE-2016-2107 |
VCID-egbc-ecck-aaag | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | CVE-2016-2109, VC-OPENSSL-20160503-CVE-2016-2109 |
VCID-wdvv-5wyx-aaaa | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. | CVE-2016-2176, VC-OPENSSL-20160503-CVE-2016-2176 |
VCID-xsy7-be4x-aaas | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | CVE-2016-2106, VC-OPENSSL-20160503-CVE-2016-2106 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-01-03T20:01:34.692642+00:00 | OpenSSL Importer | Fixing | VCID-wdvv-5wyx-aaaa | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.524021+00:00 | OpenSSL Importer | Fixing | VCID-egbc-ecck-aaag | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.352174+00:00 | OpenSSL Importer | Fixing | VCID-xsy7-be4x-aaas | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.182688+00:00 | OpenSSL Importer | Fixing | VCID-42tc-p92q-aaap | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:34.008027+00:00 | OpenSSL Importer | Fixing | VCID-cg17-ah7e-aaag | https://www.openssl.org/news/secadv/20160503.txt | 34.0.0rc1 |
2024-01-03T20:01:33.644828+00:00 | OpenSSL Importer | Affected by | VCID-eg7n-8h8z-aaaa | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:33.451844+00:00 | OpenSSL Importer | Affected by | VCID-a12s-yyr4-aaad | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:33.259714+00:00 | OpenSSL Importer | Affected by | VCID-9fjn-9378-aaae | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:33.073044+00:00 | OpenSSL Importer | Affected by | VCID-z6bg-hyhu-aaas | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.886696+00:00 | OpenSSL Importer | Affected by | VCID-kryh-pfgh-aaag | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.701286+00:00 | OpenSSL Importer | Affected by | VCID-ue1t-xset-aaah | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.516955+00:00 | OpenSSL Importer | Affected by | VCID-agz8-77e4-aaaq | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.332720+00:00 | OpenSSL Importer | Affected by | VCID-581z-anfk-aaaq | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:32.144232+00:00 | OpenSSL Importer | Affected by | VCID-sgbg-ntsk-aaac | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |
2024-01-03T20:01:31.880560+00:00 | OpenSSL Importer | Affected by | VCID-bms1-jrax-aaap | https://www.openssl.org/news/secadv/20160922.txt | 34.0.0rc1 |