Lucene search
UbuntuUSN-6632-1HistoryFeb 13, 2024 - 12:00 a.m.
OpenSSL vulnerabilities
2024-02-1300:00:00
ubuntu.com
18
ubuntu
openssl
esm
x9.42 dh keys
denial of service
cve-2023-5678
pkcs12 files
cve-2024-0727
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.3%
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
David Benjamin discovered that OpenSSL incorrectly handled excessively long
X9.42 DH keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service.
(CVE-2023-5678)
Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | libssl1.1 | < 1.1.1-1ubuntu2.1~18.04.23+esm4 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcrypto1.1-udeb | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libssl-dev | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libssl-doc | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libssl1.1 | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libssl1.1-dbgsym | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libssl1.1-udeb | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openssl | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openssl-dbgsym | < 1.1.1-1ubuntu2.1~18.04.23 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libssl1.0.0 | < 1.0.2g-1ubuntu4.20+esm11 | UNKNOWN |
Related
osv
osv
openssl vulnerabilities
2024-02-13 10:29:56
openssl1.0 vulnerabilities
2024-03-21 16:53:43
openssl vulnerabilities
2024-02-05 12:18:56
openvas
openvas
Ubuntu: Security Advisory (USN-6632-1)
2024-02-14 00:00:00
Huawei EulerOS: Security Advisory for linux-sgx (EulerOS-SA-2024-1596)
2024-05-10 00:00:00
Mageia: Security Advisory (MGASA-2024-0020)
2024-02-05 00:00:00
nessus
nessus
OpenSSL 1.1.1 < 1.1.1x Multiple Vulnerabilities
2023-11-07 00:00:00
OpenSSL 1.0.2 < 1.0.2zj Multiple Vulnerabilities
2023-11-07 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-6632-1)
2024-02-13 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0721
2024-02-05 00:00:00
mageia
mageia
Updated quictls packages fix security vulnerabilities
2024-02-15 02:02:34
Updated openssl packages fix security vulnerabilities
2024-02-04 05:49:27
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-03-21 00:00:00
OpenSSL vulnerabilities
2024-02-05 00:00:00
cloudfoundry
cloudfoundry
USN-6622-1: OpenSSL vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29
2024-05-17 21:38:35
CVE-2024-0727 affecting package kata-containers for versions less than 3.2.0.azl1-1
2024-05-17 21:38:35
CVE-2024-0727 affecting package hvloader for versions less than 1.0.1-3
2024-06-06 19:53:22
github
github
Null pointer dereference in PKCS12 parsing
2024-01-26 09:30:23
f5
f5
K000138695 : OpenSSL vulnerability CVE-2024-0727
2024-02-23 00:00:00
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
prion
prion
Null pointer dereference
2024-01-26 09:15:00
Design/Logic Flaw
2023-11-06 16:15:00
ibm
ibm
cgr
cgr
CVE-2024-0727 vulnerabilities
2024-05-19 03:07:16
CVE-2023-5678 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2024-0727
2024-01-26 09:15:07
CVE-2023-5678
2023-11-06 16:15:42
cvelist
cvelist
CVE-2024-0727 PKCS12 Decoding crashes
2024-01-26 08:57:19
nvd
nvd
CVE-2024-0727
2024-01-26 09:15:07
CVE-2023-5678
2023-11-06 16:15:42
cve
cve
CVE-2024-0727
2024-01-26 09:15:07
CVE-2023-5678
2023-11-06 16:15:42
wolfi
wolfi
CVE-2024-0727 vulnerabilities
2024-06-29 09:08:33
CVE-2023-5678 vulnerabilities
2024-06-29 09:08:33
amazon
amazon
debiancve
debiancve
CVE-2024-0727
2024-01-26 09:15:07
CVE-2023-5678
2023-11-06 16:15:42
openssl
openssl
Vulnerability in OpenSSL CVE-2024-0727
2024-01-25 00:00:00
Vulnerability in OpenSSL CVE-2023-5678
2023-11-06 00:00:00
redhatcve
redhatcve
CVE-2024-0727
2024-01-25 17:20:37
CVE-2023-5678
2023-11-08 06:27:08
ubuntucve
ubuntucve
CVE-2024-0727
2024-01-26 00:00:00
CVE-2023-5678
2023-11-06 00:00:00
veracode
veracode
Denial Of Service
2024-01-30 20:23:38
Denial Of Service (DoS)
2023-11-09 17:00:15
freebsd
freebsd
OpenSSL -- DoS in DH generation
2023-11-08 00:00:00
OpenSSL -- Multiple vulnerabilities
2024-01-30 00:00:00
redos
redos
ROS-20240401-02
2024-04-01 00:00:00
redhat
redhat
(RHSA-2024:2447) Low: openssl and openssl-fips-provider security update
2024-04-30 06:15:44
almalinux
almalinux
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
openssl and openssl-fips-provider security update
2024-05-03 00:00:00
ics
ics
Siemens SIMATIC S7-1500
2024-04-11 12:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.3%
Related for USN-6632-1