Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
28.94%
Published
2016-09-16
Updated
2023-02-12
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Max CVSS
7.8
EPSS Score
45.85%
Published
2016-09-26
Updated
2022-12-13
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Max CVSS
5.9
EPSS Score
25.94%
Published
2016-09-26
Updated
2022-12-13
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Max CVSS
7.5
EPSS Score
42.75%
Published
2016-09-26
Updated
2022-08-16
4 vulnerabilities found