OpenSSL    
 Newsflash |  State |  Announce |  News |  ChangeLog |  Vulnerabilities |  Internet 
 
Title
FAQ
About
News
Documents
Source
Contribution
Support
Related

 

OpenSSL vulnerabilities

This page lists all security vulnerabilities fixed in released versions of OpenSSL since 0.9.6a was released on 5th April 2001.

2006

CVE-2006-4343: 28th September 2006

A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (original advisory)

Fixed in OpenSSL 0.9.7l (Affected 0.9.7k, 0.9.7j, 0.9.7i, 0.9.7h, 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8d (Affected 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)

CVE-2006-4339: 5th September 2006

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. (original advisory)

Fixed in OpenSSL 0.9.7k (Affected 0.9.7j, 0.9.7i, 0.9.7h, 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8c (Affected 0.9.8b, 0.9.8a, 0.9.8)

CVE-2006-3738: 28th September 2006

A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. (original advisory)

Fixed in OpenSSL 0.9.7l (Affected 0.9.7k, 0.9.7j, 0.9.7i, 0.9.7h, 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8d (Affected 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)

CVE-2006-2940: 28th September 2006

Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (original advisory)

Fixed in OpenSSL 0.9.7l (Affected 0.9.7k, 0.9.7j, 0.9.7i, 0.9.7h, 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8d (Affected 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)

CVE-2006-2937: 28th September 2006

During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (original advisory)

Fixed in OpenSSL 0.9.7l (Affected 0.9.7k, 0.9.7j, 0.9.7i, 0.9.7h, 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8d (Affected 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)

2005

CVE-2005-2969: 11th October 2005

A deprecated option, SSL_OP_MISE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. (original advisory)

Fixed in OpenSSL 0.9.7h (Affected 0.9.7g, 0.9.7f, 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.8a (Affected 0.9.8)

2004

CVE-2004-0975: 30th September 2004

The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution.

Fixed in OpenSSL 0.9.7f (Affected 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.6-cvs (Affected 0.9.6m, 0.9.6l, 0.9.6k, 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)

CVE-2004-0112: 17th March 2004

A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. (original advisory)

Fixed in OpenSSL 0.9.7d (Affected 0.9.7c, 0.9.7b, 0.9.7a)

CVE-2004-0081: 17th March 2004

The Codenomicon TLS Test Tool found that some unknown message types were handled incorrectly, allowing a remote attacker to cause a denial of service (infinite loop). (original advisory)

CVE-2004-0079: 17th March 2004

The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. (original advisory)

Fixed in OpenSSL 0.9.7d (Affected 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.6m (Affected 0.9.6l, 0.9.6k, 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c)

2003

CVE-2003-0851: 4th November 2003

A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them. (original advisory)

Fixed in OpenSSL 0.9.6l (Affected 0.9.6k)

CVE-2003-0545: 30th September 2003

Certain ASN.1 encodings that were rejected as invalid by the parser could trigger a bug in the deallocation of the corresponding data structure, corrupting the stack, leading to a crash. (original advisory)

Fixed in OpenSSL 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)

CVE-2003-0544: 30th September 2003

Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. (original advisory)

Fixed in OpenSSL 0.9.6k (Affected 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
Fixed in OpenSSL 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)

CVE-2003-0543: 30th September 2003

An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. (original advisory)

Fixed in OpenSSL 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.6k (Affected 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)

CVE-2003-0147: 14th March 2003

RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). (original advisory)

Fixed in OpenSSL 0.9.7b (Affected 0.9.7a, 0.9.7)
Fixed in OpenSSL 0.9.6j (Affected 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)

CVE-2003-0131: 19th March 2003

The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack" (original advisory)

Fixed in OpenSSL 0.9.6j (Affected 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
Fixed in OpenSSL 0.9.7b (Affected 0.9.7a, 0.9.7)

CVE-2003-0078: 19th February 2003

sl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." (original advisory)

Fixed in OpenSSL 0.9.7a (Affected 0.9.7)
Fixed in OpenSSL 0.9.6i (Affected 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)

2002

CVE-2002-0659: 30th July 2002

A flaw in the ASN1 library allowed remote attackers to cause a denial of service by sending invalid encodings.

Fixed in OpenSSL 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a)

CVE-2002-0657: 30th July 2002

A buffer overflow when Kerberos is enabled allowed attackers to execute arbitrary code by sending a long master key. Note that this flaw did not affect any released version of 0.9.6 or 0.9.7 (original advisory)

CVE-2002-0656: 30th July 2002

A buffer overflow allowed remote attackers to execute arbitrary code by sending a large client master key in SSL2 or a large session ID in SSL3. (original advisory)

Fixed in OpenSSL 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)

CVE-2002-0655: 30th July 2002

Inproper handling of ASCII representations of integers on 64 bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code. (original advisory)

Fixed in OpenSSL 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)