Lucene search

Veracode Vulnerability DatabaseVERACODE:3435

HistoryFeb 03, 2017 - 8:31 a.m.

Denial Of Service (DoS)

2017-02-0308:31:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.079 Low

EPSS

Percentile

94.3%

JSON

OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass a long digit string in hex format to trigger an integer overflow, which can cause heap memory corruption or null pointer dereferences that can cause the system to crash.

CPENameOperatorVersion
openssleq1.0.1.h
opensslle1.0.206
opensslle1.0.1h
opensslle1.0.111
openssl-osxle1.0.206
openssl-staticle1.0.2.c1
openssleq1.0.1e__16.el6_5
openssleq1.0.0__4.el6_0.1
openssleq0.9.8b__8.3.el5
openssleq1.0.1e__30.el6

Name	Operator	Version
openssl	eq	1.0.1.h
openssl	le	1.0.206
openssl	le	1.0.1h
openssl	le	1.0.111
openssl-osx	le	1.0.206
openssl-static	le	1.0.2.c1
openssl	eq	1.0.1e__16.el6_5
openssl	eq	1.0.0__4.el6_0.1
openssl	eq	0.9.8b__8.3.el5
openssl	eq	1.0.1e__30.el6

Rows per page:

1-10 of 1221

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

marc.info/?l=bugtraq&m=145889460330120&w=2

openssl.org/news/secadv/20160301.txt

rhn.redhat.com/errata/RHSA-2016-2957.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

www.debian.org/security/2016/dsa-3500

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/83763

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035133

www.ubuntu.com/usn/USN-2914-1

bugzilla.redhat.com/show_bug.cgi?id=1311880

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git;a=commit;h=c175308407858afff3fc8c2e5e085d94d12edc7d

github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.207/OpenSSL.podspec#L14

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

kc.mcafee.com/corporate/index?page=content&id=SB10156

security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc

security.gentoo.org/glsa/201603-15

www.openssl.org/news/secadv/20160301.txt

www.openssl.org/news/vulnerabilities.html