- Home
- CVEs with nessus.description==Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that
OpenSSL incorrectly handled memory when buffering DTLS data. A remote
attacker could use this issue to cause OpenSSL to crash, resulting in
a denial of service, or possibly execute arbitrary code.
(CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled
malformed ECParameters structures. A remote attacker could use this
issue to cause OpenSSL to hang, resulting in a denial of service.
(CVE-2015-1788)
Robert Swiecki and Hanno Bock discovered that OpenSSL incorrectly
handled certain ASN1_TIME strings. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2015-1789)
Michal Zalewski discovered that OpenSSL incorrectly handled missing
content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker
could use this issue to cause OpenSSL to crash, resulting in a denial
of service. (CVE-2015-1790)
Emilia Kasper discovered that OpenSSL incorrectly handled
NewSessionTicket when being used by a multi-threaded client. A remote
attacker could use this issue to cause OpenSSL to crash, resulting in
a denial of service. (CVE-2015-1791)
Johannes Bauer discovered that OpenSSL incorrectly handled verifying
signedData messages using the CMS code. A remote attacker could use
this issue to cause OpenSSL to hang, resulting in a denial of service.
(CVE-2015-1792)
As a security improvement, this update also modifies OpenSSL behaviour
to reject DH key sizes below 768 bits, preventing a possible downgrade
attack.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top