openssl-1.0
Description | Unknown |
Version | Removed |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2730 | 1.0.2.zd-1 | 1.0.2.ze-1 | Medium | Unknown | |
AVG-1229 | 1.0.2.u-1 | | High | Unknown | FS#67858 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2022-1292 | AVG-2730 | Medium | Unknown | Unknown | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a... |
CVE-2021-23841 | AVG-1229 | Medium | Yes | Denial of service | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained... |
CVE-2021-23840 | AVG-1229 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
CVE-2021-23839 | AVG-1229 | Low | Yes | Incorrect calculation | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS... |
CVE-2021-3712 | AVG-1229 | Medium | Yes | Information disclosure | A security issue has been found in OpenSSL before version 1.1.1l. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which... |
CVE-2021-3601 | AVG-1229 | Low | Yes | Insufficient validation | OpenSSL 1.0.2 will accept a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA if it is present in the trusted bundle. |
CVE-2020-1971 | AVG-1229 | High | Yes | Denial of service | A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of... |
CVE-2020-1968 | AVG-1229 | Medium | Yes | Private key recovery | A flaw was found in openssl in versions 1.0.2 to 1.0.2w. A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able... |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-917 | 1.0.2.q-1 | 1.0.2.r-1 | Medium | Fixed | |
AVG-807 | 1.0.2.p-1 | 1.0.2.q-1 | Low | Fixed | |
AVG-677 | 1.0.2.o-1 | 1.0.2.p-1 | Low | Fixed | |
AVG-550 | 1.0.2.l-2 | 1.0.2.n-1 | Medium | Fixed | |
AVG-479 | 1.0.2.l-1 | 1.0.2.n-1 | Medium | Fixed | |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2019-1559 | AVG-917 | Medium | Yes | Information disclosure | A padding oracle has been found in OpenSSL versions prior to 1.0.2r. This issue does not impact OpenSSL 1.1.1 or 1.1.0. If an application encounters a fatal... |
CVE-2018-5407 | AVG-807 | Low | No | Private key recovery | A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and... |
CVE-2018-0737 | AVG-677 | Low | No | Private key recovery | A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access... |
CVE-2018-0734 | AVG-807 | Low | Yes | Private key recovery | A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side... |
CVE-2018-0732 | AVG-677 | Low | Yes | Denial of service | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause... |
CVE-2017-3738 | AVG-550 | Medium | Yes | Private key recovery | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected.... |
CVE-2017-3737 | AVG-550 | Medium | Yes | Information disclosure | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then... |
CVE-2017-3736 | AVG-479 | Medium | Yes | Information disclosure | A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests... |
CVE-2017-3735 | AVG-479 | Low | Yes | Denial of service | A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
02 Mar 2019 | ASA-201903-2 | AVG-917 | Medium | information disclosure |
08 Dec 2018 | ASA-201812-8 | AVG-807 | Low | private key recovery |
16 Dec 2017 | ASA-201712-9 | AVG-479 | Medium | multiple issues |