VulnerableCode Package Details - pkg:openssl/openssl@1.0.1u

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-581z-anfk-aaaq	The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.	CVE-2016-6302 VC-OPENSSL-20160823-CVE-2016-6302
VCID-9fjn-9378-aaae	The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.	CVE-2016-2179 VC-OPENSSL-20160822-CVE-2016-2179
VCID-a12s-yyr4-aaad	The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.	CVE-2016-2181 VC-OPENSSL-20160819-CVE-2016-2181
VCID-agz8-77e4-aaaq	The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.	CVE-2016-2182 VC-OPENSSL-20160816-CVE-2016-2182
VCID-bms1-jrax-aaap	Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.	CVE-2016-6304 VC-OPENSSL-20160922-CVE-2016-6304
VCID-eg7n-8h8z-aaaa	The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.	CVE-2016-6306 VC-OPENSSL-20160921-CVE-2016-6306
VCID-kryh-pfgh-aaag	OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.	CVE-2016-2177 VC-OPENSSL-20160601-CVE-2016-2177
VCID-sgbg-ntsk-aaac	Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.	CVE-2016-6303 VC-OPENSSL-20160824-CVE-2016-6303
VCID-ue1t-xset-aaah	The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.	CVE-2016-2180 VC-OPENSSL-20160722-CVE-2016-2180
VCID-z6bg-hyhu-aaas	The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.	CVE-2016-2178 VC-OPENSSL-20160607-CVE-2016-2178

Vulnerability

Summary

Aliases

VCID-581z-anfk-aaaq

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

CVE-2016-6302
VC-OPENSSL-20160823-CVE-2016-6302

VCID-9fjn-9378-aaae

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVE-2016-2179
VC-OPENSSL-20160822-CVE-2016-2179

VCID-a12s-yyr4-aaad

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CVE-2016-2181
VC-OPENSSL-20160819-CVE-2016-2181

VCID-agz8-77e4-aaaq

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-2182
VC-OPENSSL-20160816-CVE-2016-2182

VCID-bms1-jrax-aaap

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

CVE-2016-6304
VC-OPENSSL-20160922-CVE-2016-6304

VCID-eg7n-8h8z-aaaa

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CVE-2016-6306
VC-OPENSSL-20160921-CVE-2016-6306

VCID-kryh-pfgh-aaag

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVE-2016-2177
VC-OPENSSL-20160601-CVE-2016-2177

VCID-sgbg-ntsk-aaac

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-6303
VC-OPENSSL-20160824-CVE-2016-6303

VCID-ue1t-xset-aaah

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

CVE-2016-2180
VC-OPENSSL-20160722-CVE-2016-2180

VCID-z6bg-hyhu-aaas

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

CVE-2016-2178
VC-OPENSSL-20160607-CVE-2016-2178

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-01-03T20:01:33.649520+00:00	OpenSSL Importer	Fixing	VCID-eg7n-8h8z-aaaa	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:33.456622+00:00	OpenSSL Importer	Fixing	VCID-a12s-yyr4-aaad	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:33.264442+00:00	OpenSSL Importer	Fixing	VCID-9fjn-9378-aaae	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:33.077676+00:00	OpenSSL Importer	Fixing	VCID-z6bg-hyhu-aaas	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:32.891424+00:00	OpenSSL Importer	Fixing	VCID-kryh-pfgh-aaag	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:32.705985+00:00	OpenSSL Importer	Fixing	VCID-ue1t-xset-aaah	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:32.521651+00:00	OpenSSL Importer	Fixing	VCID-agz8-77e4-aaaq	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:32.337394+00:00	OpenSSL Importer	Fixing	VCID-581z-anfk-aaaq	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:32.148510+00:00	OpenSSL Importer	Fixing	VCID-sgbg-ntsk-aaac	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1
2024-01-03T20:01:31.885770+00:00	OpenSSL Importer	Fixing	VCID-bms1-jrax-aaap	https://www.openssl.org/news/secadv/20160922.txt	34.0.0rc1