- Home
- CVEs with nessus.description==Problem description :
OpenSSL fails to clear the bytes used as block cipher padding in SSL
3.0 records when operating as a client or a server that accept SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of
uninitialized memory may be sent, encrypted, to the SSL peer. This
could include sensitive contents of previously freed memory.
[CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptography
(SGC) can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free.
[CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can
occur on systems that parse untrusted ASN.1 data, such as X.509
certificates or RSA public keys. [CVE-2012-2110]
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top