[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4018-1 openssl -- openssl

ID: oval:org.secpod.oval:def:603153Date: (C)2017-12-04   (M)2023-12-20
Class: PATCHFamily: unix




Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt

Platform:
Debian 9.x
Product:
libcrypto1.1-udeb
libssl1.1
libssl-dev
openssl
libssl-doc
Reference:
DSA-4018-1
CVE-2017-3735
CVE-2017-3736
CVE    2
CVE-2017-3736
CVE-2017-3735
CPE    92
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/o:debian:debian_linux:9.0
cpe:/a:openssl:openssl:1.0.0g
...

© SecPod Technologies