openssl

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
Version 1.1.0.g-1 [core]

Open

Group Affected Fixed Severity Status Ticket
AVG-540 1.1.0.g-1 1.1.0.h-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2017-3738 AVG-540 Medium Yes Private key recovery
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected....

Resolved

Group Affected Fixed Severity Status Ticket
AVG-548 1.1.0.g-1 Medium Not affected
AVG-477 1.1.0.f-2 1.1.0.g-1 Medium Fixed
AVG-154 1.0.2.j-1 1.0.2.k-1 Medium Fixed
AVG-143 1.1.0.a-1 1.1.0.c-1 High Not affected
AVG-140 1.0.2.j-1 Medium Not affected
AVG-67 1.0.2.j-1 1.0.2.k-1 Low Fixed
AVG-33 1.0.2.i-1 1.0.2.j-1 Medium Fixed
AVG-31 1.1.0a-1 Critical Not affected
AVG-29 1.0.2.h-1 1.0.2.i-1 High Fixed FS#49616
Issue Group Severity Remote Type Description
CVE-2017-3737 AVG-548 Medium Yes Information disclosure
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then...
CVE-2017-3736 AVG-477 Medium Yes Information disclosure
A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests...
CVE-2017-3735 AVG-477 Low Yes Denial of service
A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer...
CVE-2017-3732 AVG-154 Low No Information disclosure
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and...
CVE-2017-3731 AVG-154 Medium Yes Denial of service
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to...
CVE-2016-7056 AVG-140 Medium No Private key recovery
The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized...
CVE-2016-7055 AVG-154 Low Yes Incorrect calculation
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256...
CVE-2016-7055 AVG-67 Low Yes Incorrect calculation
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256...
CVE-2016-7054 AVG-143 High Yes Denial of service
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads.
CVE-2016-7052 AVG-33 Medium Yes Denial of service
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL...
CVE-2016-6309 AVG-31 Critical Yes Arbitrary code execution
The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store...
CVE-2016-6306 AVG-29 Low Yes Denial of service
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical...
CVE-2016-6304 AVG-29 High Yes Denial of service
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP...
CVE-2016-6303 AVG-29 Low Yes Arbitrary code execution
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply...
CVE-2016-6302 AVG-29 Low Yes Denial of service
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will...
CVE-2016-2183 AVG-29 Medium Yes Information disclosure
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES...
CVE-2016-2182 AVG-29 Low Yes Arbitrary code execution
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly...
CVE-2016-2181 AVG-29 Low Yes Denial of service
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC...
CVE-2016-2180 AVG-29 Low Yes Denial of service
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data...
CVE-2016-2179 AVG-29 Low Yes Denial of service
In a DTLS connection where handshake messages are delivered out-of- order those messages that OpenSSL is not yet ready to process will be buffered for later...
CVE-2016-2178 AVG-29 High Yes Private key recovery
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means...
CVE-2016-2177 AVG-29 Medium Yes Denial of service
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap- buffer boundary checks, which might allow remote attackers to cause a denial of service...

Advisories

Date Advisory Group Severity Description
07 Nov 2017 ASA-201711-14 AVG-477 Medium multiple issues
28 Jan 2017 ASA-201701-37 AVG-154 Medium multiple issues
28 Sep 2016 ASA-201609-30 AVG-33 Medium denial of service
26 Sep 2016 ASA-201609-23 AVG-29 High multiple issues