CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%
OpenSSL cryptographic library vulnerability is related to incorrect input validation in the script
c_rehash. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary OS commands with script privileges
A vulnerability in the OpenSSL cryptographic library is related to an error in the OCSP response validation in the function
OCSP_basic_verify. Exploitation of the vulnerability could allow an attacker acting remotely to,
to use the (non-default) OCSP_NOCHECKS flag and receive a positive response even if the
the response signature certificate has not been verified
Vulnerability of OpenSSL cryptographic library is related to inability to reuse memory
in the OPENSSL_LH_flush() function, which clears the hash table when decoding certificates or keys.
Exploitation of the vulnerability could allow an attacker acting remotely to periodically decode the
certificates or keys, which would increase the amount of memory used indefinitely, and the process
could be halted by the operating system, resulting in a denial of service
The vulnerability in the OpenSSL cryptographic library is related to the misuse of AAD data as a
as a MAC key, making the MAC key trivially predictable. Exploitation of the vulnerability could
Allow an attacker acting remotely to perform a man-in-the-middle (MitM) attack to modify the
data sent from one endpoint to an OpenSSL 3.0 recipient so that the modified data still
pass MAC integrity checks
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%