Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0160 | 5.0 |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
|
02-07-2024 - 16:52 | 07-04-2014 - 22:55 | |
CVE-2014-3470 | 4.3 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
|
16-09-2022 - 19:54 | 05-06-2014 - 21:55 | |
CVE-2010-5298 | 4.0 |
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via
|
29-08-2022 - 20:53 | 14-04-2014 - 22:38 | |
CVE-2014-0198 | 4.3 |
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL
|
29-08-2022 - 20:50 | 06-05-2014 - 10:44 | |
CVE-2014-0221 | 4.3 |
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS
|
29-08-2022 - 20:49 | 05-06-2014 - 21:55 | |
CVE-2014-0224 | 5.8 |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
|
16-08-2022 - 13:30 | 05-06-2014 - 21:55 | |
CVE-2014-0195 | 6.8 |
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary c
|
30-06-2022 - 19:49 | 05-06-2014 - 21:55 | |
CVE-2013-6450 | 5.8 |
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a differe
|
09-10-2018 - 19:34 | 01-01-2014 - 16:05 | |
CVE-2013-6449 | 4.3 |
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 cl
|
09-10-2018 - 19:34 | 23-12-2013 - 22:55 | |
CVE-2014-3508 | 4.3 |
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attacker
|
15-11-2017 - 02:29 | 13-08-2014 - 23:55 | |
CVE-2014-3511 | 4.3 |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
|
15-11-2017 - 02:29 | 13-08-2014 - 23:55 | |
CVE-2014-3509 | 6.8 |
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwr
|
15-11-2017 - 02:29 | 13-08-2014 - 23:55 | |
CVE-2014-3507 | 5.0 |
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger im
|
29-08-2017 - 01:34 | 13-08-2014 - 23:55 | |
CVE-2014-3506 | 5.0 |
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory alloc
|
29-08-2017 - 01:34 | 13-08-2014 - 23:55 | |
CVE-2014-3510 | 4.3 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via
|
29-08-2017 - 01:34 | 13-08-2014 - 23:55 | |
CVE-2014-3505 | 5.0 |
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that tri
|
07-01-2017 - 03:00 | 13-08-2014 - 23:55 | |
CVE-2013-4353 | 4.3 |
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
|
07-01-2017 - 02:59 | 09-01-2014 - 01:55 |