- Home
- CVEs with nessus.description==Several problems have been found in OpenSSL :
- During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop.
- A buffer overflow exists in the SSL_get_shared_ciphers function.
- A NULL pointer may be dereferenced in the SSL version 2 client code.
In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. Impact : Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.
An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server.
A malicious SSL server can cause clients connecting using SSL version 2 to crash.
Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. Workaround : No workaround is available, but not all of the vulnerabilities mentioned affect all applications.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top