Vulnerabilities (CVE)

19 total CVE
CVE | Vendors (count: names) | Products (count: names) | Updated | CVSS

CVE-2016-7056 | 4: Openssl, Canonical, Debian and 1 more | 4: Openssl, Ubuntu Linux, Debian Linux and 1 more | 2019-10-09 | 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

CVE-2013-0169 | 3: Openssl, Oracle, Polarssl | 3: Polarssl, Openjdk, Openssl | 2019-10-09 | 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC...

CVE-2019-1547 | 1: Openssl | 1: Openssl | 2019-09-12 | 1.9
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those...

CVE-2019-1552 | 1: Openssl | 1: Openssl | 2019-08-23 | 1.9
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix /...

CVE-2018-5407 | 7: Nodejs, Openssl, Canonical and 4 more | 20: Node.js, Openssl, Ubuntu Linux and 17 more | 2019-07-23 | 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVE-2016-7055 | 1: Openssl | 1: Openssl | 2019-07-02 | 2.6
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA,...

CVE-2015-1787 | 1: Openssl | 1: Openssl | 2018-11-29 | 2.6
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a...

CVE-2016-2107 | 6: Hp, Openssl, Google and 3 more | 14: Leap, Openssl, Enterprise Linux Desktop and 11 more | 2018-10-30 | 2.6
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack...

CVE-2007-3108 | 1: Openssl | 1: Openssl | 2018-10-16 | 1.2
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CVE-2018-12433 | 11: Botan Project, Cryptlib, Gnupg and 8 more | 11: Botan, Cryptlib, Libgcrypt and 8 more | 2018-08-09 | 1.9
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a...

CVE-2018-12437 | 11: Botan Project, Cryptlib, Gnupg and 8 more | 11: Botan, Cryptlib, Libgcrypt and 8 more | 2018-08-09 | 1.9
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual...

CVE-2018-12438 | 11: Botan Project, Cryptlib, Gnupg and 8 more | 11: Botan, Cryptlib, Libgcrypt and 8 more | 2018-08-09 | 1.9
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the...

CVE-2016-2178 | 3: Suse, Openssl, Oracle | 4: Linux, Solaris, Linux Enterprise and 1 more | 2018-07-12 | 2.1
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

CVE-2016-0702 | 1: Openssl | 1: Openssl | 2018-01-05 | 1.9
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to...

CVE-2014-0076 | 1: Openssl | 1: Openssl | 2017-12-16 | 1.9
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

CVE-2016-0701 | 1: Openssl | 1: Openssl | 2017-12-13 | 2.6
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH...

CVE-2004-0975 | 3: Gentoo, Openssl, Mandrakesoft | 5: Mandrake Linux Corporate Server, Mandrake Linux, Mandrake Multi Network Firewall and 2 more | 2017-10-11 | 2.1
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

CVE-2009-0591 | 1: Openssl | 1: Openssl | 2017-08-17 | 2.6
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be...

CVE-2011-1945 | 1: Openssl | 1: Openssl | 2013-06-06 | 2.6
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which...