AVG-1582 log

Package openssl-1.0
Status Vulnerable
Severity Medium
Type multiple issues
Affected 1.0.2.u-1
Fixed Unknown
Current 1.0.2.u-1 [core]
Ticket Create
Created Tue Feb 16 19:48:09 2021
Issue Severity Remote Type Description
CVE-2021-23841 Medium Yes Denial of service
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained...
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
CVE-2021-23839 Low Yes Incorrect calculation
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS...
OpenSSL 1.0.2 is out of support and no longer receiving public updates, so this issue will not be fixed.