Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-7018-1
HistorySep 18, 2024 - 12:38 a.m.

openssl vulnerabilities

2024-09-1800:38:46
Google
osv.dev
3
openssl
vulnerabilities
diffie-hellman
ciphersuites
evp
functions
denial of service
c_rehash script
arbitrary commands
pkcs12 files

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

JSON

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
discovered that certain Diffie-Hellman ciphersuites in the TLS
specification and implemented by OpenSSL contained a flaw. A remote
attacker could possibly use this issue to eavesdrop on encrypted
communications. This was fixed in this update by removing the insecure
ciphersuites from OpenSSL. (CVE-2020-1968)

Paul Kehrer discovered that OpenSSL incorrectly handled certain input
lengths in EVP functions. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2021-23840)

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run. (CVE-2022-2068)

It was discovered that OpenSSL incorrectly handled excessively large
Diffie-Hellman parameters. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-3446)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)

Related

openvas 42
nessus 62
osv 11
ubuntucve 3
cloudlinux 2
suse 4
amazon 3
prion 3
debiancve 3
cvelist 3
redhatcve 3
redhat 3
altlinux 2
broadcom 1
nvd 3
openssl 3
slackware 2
alpinelinux 2
f5 3
cve 3
aix 1
ibm 23
oraclelinux 2
almalinux 1
rocky 1
ubuntu 2
symantec 1
paloalto 1
rustsec 1
veracode 2
githubexploit 1
debian 1
photon 1
openvas
openvas
Ubuntu: Security Advisory (USN-7018-1)
2024-09-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2321-1)
2022-07-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2197-1)
2022-06-29 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-7018-1)
2024-09-18 00:00:00
Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2023-001)
2023-09-27 00:00:00
OpenSSL 3.0.0 < 3.0.4 Vulnerability
2022-06-21 00:00:00
osv
osv
libopenssl-1_0_0-devel-1.0.2u-9.1 on GA media
2024-06-15 00:00:00
CVE-2022-2068
2022-06-21 15:15:09
Moderate: openssl security update
2022-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2022-2068
2022-06-21 00:00:00
CVE-2021-23840
2021-02-16 00:00:00
CVE-2020-1968
2020-09-09 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
Fix of CVE: CVE-2021-23840
2021-09-21 22:03:05
suse
suse
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
amazon
amazon
Medium: openssl11
2022-07-28 21:55:00
Medium: openssl
2022-07-28 21:55:00
Medium: openssl
2022-07-28 20:38:00
prion
prion
Command injection
2022-06-21 15:15:00
Design/Logic Flaw
2020-09-09 14:15:00
Design/Logic Flaw
2021-02-16 17:15:00
debiancve
debiancve
CVE-2022-2068
2022-06-21 15:15:09
CVE-2020-1968
2020-09-09 14:15:12
CVE-2021-23840
2021-02-16 17:15:13
cvelist
cvelist
CVE-2022-2068 The c_rehash script allows command injection
2022-06-21 14:45:20
CVE-2020-1968 Raccoon attack
2020-09-09 13:50:12
CVE-2021-23840 Integer overflow in CipherUpdate
2021-02-16 16:55:18
redhatcve
redhatcve
CVE-2022-2068
2022-06-22 06:36:12
CVE-2020-1968
2020-09-09 16:51:54
CVE-2021-23840
2021-02-18 17:04:10
redhat
redhat
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:28:19
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:20:51
(RHSA-2022:5818) Moderate: openssl security update
2022-08-02 07:00:02
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
broadcom
broadcom
openssl file names of certificates being hashed were possibly passed to a command executed through the shell
2023-08-01 00:00:00
nvd
nvd
CVE-2022-2068
2022-06-21 15:15:09
CVE-2021-23840
2021-02-16 17:15:13
CVE-2020-1968
2020-09-09 14:15:12
openssl
openssl
Vulnerability in OpenSSL - The c_rehash script allows command injection
2022-06-21 00:00:00
Vulnerability in OpenSSL - Integer overflow in CipherUpdate
2021-02-16 00:00:00
Vulnerability in OpenSSL - Raccoon Attack
2020-09-09 00:00:00
slackware
slackware
[slackware-security] openssl
2022-06-23 05:32:23
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
alpinelinux
alpinelinux
CVE-2022-2068
2022-06-21 15:15:09
CVE-2021-23840
2021-02-16 17:15:13
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
K92451315 : OpenSSL vulnerability CVE-2020-1968
2020-12-11 00:00:00
K24624116 : OpenSSL vulnerability CVE-2021-23840
2021-02-18 00:00:00
cve
cve
CVE-2022-2068
2022-06-21 15:15:09
CVE-2020-1968
2020-09-09 14:15:12
CVE-2021-23840
2021-02-16 17:15:13
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
ibm
ibm
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL
2022-08-19 16:02:33
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server
2023-01-25 16:00:36
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
2022-09-21 20:55:38
oraclelinux
oraclelinux
openssl security update
2022-08-05 00:00:00
openssl security update
2022-08-02 00:00:00
almalinux
almalinux
Moderate: openssl security update
2022-08-03 00:00:00
rocky
rocky
openssl security update
2022-08-02 07:00:02
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-03-21 00:00:00
Node.js vulnerabilities
2023-10-30 00:00:00
symantec
symantec
OpenSSL Vulnerabilities Sep 2020 - Feb 2021
2021-03-09 19:16:55
paloalto
paloalto
PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968
2021-10-13 16:00:00
rustsec
rustsec
Integer overflow in CipherUpdate
2021-05-01 12:00:00
veracode
veracode
Information Disclosure
2020-09-21 06:18:28
Denial Of Service (DoS)
2021-02-17 18:09:31
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Openssl
2023-09-11 09:24:54
debian
debian
[SECURITY] [DLA 2378-1] openssl1.0 security update
2020-09-25 21:55:39
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0284
2020-09-16 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

JSON
Related for OSV:USN-7018-1
openvas42nessus62osv11ubuntucve3cloudlinux2suse4amazon3prion3debiancve3cvelist3redhatcve3redhat3altlinux2broadcom1nvd3openssl3slackware2alpinelinux2f53cve3aix1ibm23oraclelinux2almalinux1rocky1ubuntu2symantec1paloalto1rustsec1veracode2githubexploit1debian1photon1