Search CVE reports


Toggle filters

81 – 90 of 268 results


CVE-2017-3736

Medium priority
Fixed

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2017-3735

Low priority
Fixed

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Not affected Not in release
Show less packages

CVE-2017-3733

High priority
Not affected

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2017-3730

Medium priority
Not affected

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-7054

Medium priority
Not affected

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
openssl1.0 Not in release
Show less packages

CVE-2016-7053

Medium priority
Not affected

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
openssl1.0 Not in release
Show less packages

CVE-2017-3732

Medium priority
Fixed

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2017-3731

Medium priority

Some fixes available 9 of 10

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-7056

Medium priority

Some fixes available 2 of 3

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected Not affected
openssl098 Not in release Not in release
Show less packages

CVE-2016-7055

Low priority
Fixed

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages