The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
Max CVSS
4.3
EPSS Score
90.62%
Published
2013-12-23
Updated
2018-10-09
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Max CVSS
5.0
EPSS Score
0.68%
Published
2013-02-08
Updated
2018-08-09
2 vulnerabilities found