AVG-1229 log

Package openssl-1.0
Status Unknown
Severity High
Type multiple issues
Affected 1.0.2.u-1
Fixed Unknown
Current Removed
Ticket FS#67858
Created Fri Sep 11 15:50:01 2020
Issue Severity Remote Type Description
CVE-2021-23841 Medium Yes Denial of service
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained...
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
CVE-2021-23839 Low Yes Incorrect calculation
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS...
CVE-2021-3712 Medium Yes Information disclosure
A security issue has been found in OpenSSL before version 1.1.1l. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which...
CVE-2021-3601 Low Yes Insufficient validation
OpenSSL 1.0.2 will accept a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA if it is present in the trusted bundle.
CVE-2020-1971 High Yes Denial of service
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of...
CVE-2020-1968 Medium Yes Private key recovery
A flaw was found in openssl in versions 1.0.2 to 1.0.2w. A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able...
Notes
OpenSSL 1.0.2 is out of support and no longer receiving public updates, so these issues will not be fixed.