openssl software vulnerabilities
vulnerabilities.aspcode.net
Searching openssl software vulnerabilities
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
OpenSSL 0.9.6 and 0.9.7 do not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) enrypt and (2) decrypt functions.
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
Software vulnerabilities results 1 to 20 of 36