# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-29632 | | | | 2022-01-18 | 2022-03-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory. |
2 | CVE-2021-29629 | 20 | | DoS | 2021-05-28 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. |
3 | CVE-2021-29628 | 863 | | | 2021-05-28 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit. |
4 | CVE-2021-3450 | 295 | | Bypass | 2021-03-25 | 2022-07-25 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). |
5 | CVE-2020-25580 | 697 | | | 2021-03-26 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. |
6 | CVE-2020-25579 | 909 | | | 2021-03-26 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. |
7 | CVE-2020-25578 | 200 | | +Info | 2021-03-26 | 2021-06-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. |
8 | CVE-2020-7469 | 416 | | | 2021-06-04 | 2022-05-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free. |
9 | CVE-2020-7464 | 74 | | | 2021-03-26 | 2021-04-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. |
10 | CVE-2020-7451 | 200 | | +Info | 2020-04-28 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network. |
11 | CVE-2020-1967 | 476 | | DoS | 2020-04-21 | 2021-12-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). |
12 | CVE-2019-15879 | 362 | | | 2020-05-13 | 2020-05-18 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel memory. |
13 | CVE-2019-5610 | 125 | | DoS | 2019-08-30 | 2023-01-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. |
14 | CVE-2019-5598 | 20 | | Bypass | 2019-05-15 | 2019-06-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet, allowing a maliciously crafted ICMP/ICMP6 packet to bypass the packet filter rules and be passed to a host that would otherwise be unavailable. |
15 | CVE-2018-6924 | 20 | | | 2018-09-12 | 2018-11-26 | 5.6 | None | Local | Low | Not required | Partial | None | Complete |
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. |
16 | CVE-2018-6922 | 400 | | | 2018-08-09 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. |
17 | CVE-2018-6919 | 200 | | +Info | 2018-04-04 | 2018-05-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged kernel data. |
18 | CVE-2018-6917 | 190 | | Overflow | 2018-04-04 | 2018-05-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. |
19 | CVE-2017-13086 | 330 | | | 2017-10-17 | 2019-10-03 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
20 | CVE-2017-13084 | 330 | | | 2017-10-17 | 2019-10-03 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
21 | CVE-2017-13082 | 330 | | | 2017-10-17 | 2019-10-03 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
22 | CVE-2017-13077 | 330 | | | 2017-10-17 | 2019-10-03 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
23 | CVE-2017-1082 | 20 | | Overflow | 2018-09-12 | 2018-11-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if the input follows the pathological pattern. |
24 | CVE-2016-2518 | 125 | | | 2017-01-30 | 2021-06-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. |
25 | CVE-2016-1888 | 287 | | Bypass | 2017-02-15 | 2017-02-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." |
26 | CVE-2015-7973 | 254 | | | 2017-01-30 | 2021-04-26 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. |
27 | CVE-2015-1417 | 400 | | DoS | 2017-07-25 | 2019-03-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. |
28 | CVE-2014-8117 | 399 | | DoS | 2014-12-17 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
29 | CVE-2014-8116 | 399 | | DoS | 2014-12-17 | 2018-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. |
30 | CVE-2014-5384 | 119 | | DoS Overflow | 2014-08-21 | 2014-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. |
31 | CVE-2014-3955 | 20 | | DoS | 2014-10-27 | 2019-03-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. |
32 | CVE-2014-3951 | | | DoS | 2014-08-21 | 2014-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference. |
33 | CVE-2014-3711 | 399 | | DoS | 2014-10-27 | 2019-03-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. |
34 | CVE-2014-3001 | 264 | | Bypass | 2014-05-02 | 2014-05-05 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. |
35 | CVE-2014-1452 | 119 | | DoS Exec Code Overflow | 2014-01-21 | 2019-03-18 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request. |
36 | CVE-2013-0211 | 189 | | DoS Overflow | 2013-09-30 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. |
37 | CVE-2011-2480 | 200 | | +Info | 2019-11-27 | 2019-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. |
38 | CVE-2007-6754 | 189 | | Overflow | 2012-07-25 | 2012-07-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. |
39 | CVE-2006-7252 | 189 | | Overflow | 2012-07-25 | 2012-07-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. |
40 | CVE-2006-5680 | | | DoS | 2006-11-09 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data. |
41 | CVE-2006-0883 | 399 | | DoS | 2006-03-07 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. |
42 | CVE-2006-0433 | | | DoS | 2006-02-02 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). |
43 | CVE-2006-0381 | | | DoS | 2006-01-25 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. |
44 | CVE-2006-0054 | | | DoS | 2006-01-11 | 2017-07-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. |
45 | CVE-2005-2359 | | | | 2005-08-05 | 2017-07-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. |
46 | CVE-2005-2068 | | | | 2005-07-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. |
47 | CVE-2005-2019 | | | Bypass | 2005-07-05 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. |
48 | CVE-2004-0171 | | | DoS | 2004-03-15 | 2017-10-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. |
49 | CVE-2004-0112 | | | DoS | 2004-11-23 | 2021-11-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. |
50 | CVE-2004-0081 | | | DoS | 2004-11-23 | 2021-11-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |