Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-1378 | 5.0 |
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or
|
07-02-2024 - 18:02 | 19-05-2009 - 19:30 | |
CVE-2009-1377 | 5.0 |
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, ak
|
07-02-2024 - 18:01 | 19-05-2009 - 19:30 | |
CVE-2010-0740 | 5.0 |
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
|
13-02-2023 - 04:16 | 26-03-2010 - 18:30 | |
CVE-2010-0433 | 4.3 |
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of servic
|
13-02-2023 - 04:16 | 05-03-2010 - 19:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-1379 | 5.0 |
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
|
13-02-2023 - 02:20 | 19-05-2009 - 19:30 | |
CVE-2008-1678 | 5.0 |
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client hand
|
13-02-2023 - 02:18 | 10-07-2008 - 17:41 | |
CVE-2009-0590 | 5.0 |
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
|
03-11-2020 - 17:38 | 27-03-2009 - 16:30 | |
CVE-2010-0742 | 7.5 |
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid
|
19-09-2017 - 01:30 | 03-06-2010 - 14:30 | |
CVE-2009-4355 | 5.0 |
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
|
19-09-2017 - 01:29 | 14-01-2010 - 19:30 | |
CVE-2009-3245 | 10.0 |
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent at
|
19-09-2017 - 01:29 | 05-03-2010 - 19:30 | |
CVE-2009-0789 | 5.0 |
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the
|
17-08-2017 - 01:30 | 27-03-2009 - 16:30 | |
CVE-2009-0591 | 2.6 |
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid bu
|
17-08-2017 - 01:29 | 27-03-2009 - 16:30 |