lib32-openssl

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)
Version 1:3.4.0-1 [multilib]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2849 1:3.1.3-1 1:3.1.4-1 Medium Fixed
AVG-2316 1:1.1.1.k-1 1:1.1.1.l-1 High Fixed
AVG-1142 1.1.1.f-1 1.1.1.g-1 High Fixed
AVG-920 1:1.1.1.b-1 1:1.1.1.c-1 Low Fixed
AVG-793 1:1.1.1-1 1:1.1.1.a-1 Low Fixed
AVG-675 1:1.1.0.h-1 1:1.1.0.i-1 Low Fixed
AVG-551 1:1.1.0.g-1 1:1.1.0.h-1 Medium Fixed
AVG-549 1.1.0.g-1 Medium Not affected
AVG-478 1:1.1.0.f-1 1:1.1.0.g-1 Medium Fixed
AVG-155 1:1.0.2.j-1 1:1.0.2.k-1 Medium Fixed
AVG-144 1:1.1.0.a-1 1:1.1.0.c-1 High Not affected
AVG-141 1.0.2.j-1 Medium Not affected
AVG-68 1:1.0.2.j-1 1:1.0.2.k-1 Low Fixed
AVG-34 1:1.0.2.i-1 1:1.0.2.j-1 Medium Fixed
AVG-32 1:1.1.0a-1 Critical Not affected
AVG-30 1:1.0.2.h-1 1:1.0.2.i-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2023-5363 AVG-2849 Medium Yes Incorrect calculation
A bug has been identified in OpenSSL <= 3.1.3, in the processing of key and initialisation vector (IV) lengths.  This can lead to potential truncation or...
CVE-2021-3712 AVG-2316 Medium Yes Information disclosure
A security issue has been found in OpenSSL before version 1.1.1l. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which...
CVE-2021-3711 AVG-2316 High Yes Arbitrary code execution
A security issue has been found in OpenSSL 1.1.1 before version 1.1.1l. In order to decrypt SM2 encrypted data an application is expected to call the API...
CVE-2020-1967 AVG-1142 High Yes Denial of service
A NULL pointer dereference has been found in OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f. Server or client applications that call the SSL_check_chain()...
CVE-2019-1543 AVG-920 Low Yes Information disclosure
An issue has been found in OpenSSL <= 1.1.1b, where an application using ChaCha20-Poly1305 could set a non-default nonce length to be longer than 12 bytes...
CVE-2018-0737 AVG-675 Low No Private key recovery
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access...
CVE-2018-0735 AVG-793 Low Yes Private key recovery
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could...
CVE-2018-0734 AVG-793 Low Yes Private key recovery
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
CVE-2018-0732 AVG-675 Low Yes Denial of service
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause...
CVE-2017-3738 AVG-551 Medium Yes Private key recovery
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected....
CVE-2017-3737 AVG-549 Medium Yes Information disclosure
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then...
CVE-2017-3736 AVG-478 Medium Yes Information disclosure
A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests...
CVE-2017-3735 AVG-478 Low Yes Denial of service
A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer...
CVE-2017-3732 AVG-155 Low No Information disclosure
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and...
CVE-2017-3731 AVG-155 Medium Yes Denial of service
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to...
CVE-2016-7056 AVG-141 Medium No Private key recovery
The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized...
CVE-2016-7055 AVG-68 Low Yes Incorrect calculation
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256...
CVE-2016-7055 AVG-155 Low Yes Incorrect calculation
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256...
CVE-2016-7054 AVG-144 High Yes Denial of service
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads.
CVE-2016-7052 AVG-34 Medium Yes Denial of service
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL...
CVE-2016-6309 AVG-32 Critical Yes Arbitrary code execution
The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store...
CVE-2016-6306 AVG-30 Low Yes Denial of service
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical...
CVE-2016-6304 AVG-30 High Yes Denial of service
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP...
CVE-2016-6303 AVG-30 Low Yes Arbitrary code execution
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply...
CVE-2016-6302 AVG-30 Low Yes Denial of service
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will...
CVE-2016-2183 AVG-30 Medium Yes Information disclosure
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES...
CVE-2016-2182 AVG-30 Low Yes Arbitrary code execution
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly...
CVE-2016-2181 AVG-30 Low Yes Denial of service
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC...
CVE-2016-2180 AVG-30 Low Yes Denial of service
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data...
CVE-2016-2179 AVG-30 Low Yes Denial of service
In a DTLS connection where handshake messages are delivered out-of- order those messages that OpenSSL is not yet ready to process will be buffered for later...
CVE-2016-2178 AVG-30 High Yes Private key recovery
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means...
CVE-2016-2177 AVG-30 Medium Yes Denial of service
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap- buffer boundary checks, which might allow remote attackers to cause a denial of service...

Advisories

Date Advisory Group Severity Type
22 Apr 2020 ASA-202004-19 AVG-1142 High denial of service
11 Jun 2019 ASA-201906-6 AVG-920 Low information disclosure
08 Dec 2018 ASA-201812-6 AVG-793 Low private key recovery
15 Apr 2018 ASA-201804-6 AVG-551 Medium private key recovery
08 Nov 2017 ASA-201711-15 AVG-478 Medium multiple issues
27 Jan 2017 ASA-201701-36 AVG-155 Medium multiple issues
27 Sep 2016 ASA-201609-28 AVG-34 Medium denial of service
26 Sep 2016 ASA-201609-24 AVG-30 High multiple issues