Veracode Vulnerability DatabaseVERACODE:29835Denial Of Service (DoS)
0.005 Low
EPSS
Percentile
76.4%
openssl is vulnerable to denial of service. A NULL pointer dereference occurs when parsing a malicious renegotiation ClientHello message. This allows an attacker to remotely crash the application.
References
www.openwall.com/lists/oss-security/2021/03/27/1
www.openwall.com/lists/oss-security/2021/03/27/2
www.openwall.com/lists/oss-security/2021/03/28/3
www.openwall.com/lists/oss-security/2021/03/28/4
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
kc.mcafee.com/corporate/index?page=content&id=SB10356
lists.debian.org/debian-lts-announce/2021/08/msg00029.html
lists.fedoraproject.org/archives/list/[email protected]/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.9/main.yaml
security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
security.gentoo.org/glsa/202103-03
security.netapp.com/advisory/ntap-20210326-0006/
security.netapp.com/advisory/ntap-20210513-0002/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
www.debian.org/security/2021/dsa-4875
www.openssl.org/news/secadv/20210325.txt
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-05
www.tenable.com/security/tns-2021-06
www.tenable.com/security/tns-2021-09
www.tenable.com/security/tns-2021-10
Related
