OpenSSL

Cryptography and SSL/TLS Toolkit

Vulnerabilities

If you think you have found a security bug in OpenSSL, please report it to us.

Note: Support for OpenSSL 0.9.6 ended and is no longer receiving security updates

Show issues fixed only in OpenSSL 1.1.0, 1.0.2, 1.0.1, 1.0.0, 0.9.8, 0.9.7, 0.9.6, or all versions

Fixed in OpenSSL 0.9.6

Jump to year: 2004, 2003, 2002

2004

CVE-2004-0975 30 September 2004:
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution.
  • Fixed in OpenSSL 0.9.6-cvs (Affected 0.9.6-0.9.6m)
  • This issue was also addressed in OpenSSL 0.9.7f
CVE-2004-0081 (OpenSSL advisory) 17 March 2004:
The Codenomicon TLS Test Tool found that some unknown message types were handled incorrectly, allowing a remote attacker to cause a denial of service (infinite loop). Reported by OpenSSL group.
  • Fixed in OpenSSL 0.9.6d (Affected 0.9.6-0.9.6c)
CVE-2004-0079 (OpenSSL advisory) 17 March 2004:
The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. Reported by OpenSSL group.
  • Fixed in OpenSSL 0.9.6m (Affected 0.9.6c-0.9.6l)
  • This issue was also addressed in OpenSSL 0.9.7d

2003

CVE-2003-0851 (OpenSSL advisory) 04 November 2003:
A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them. Reported by Novell.
  • Fixed in OpenSSL 0.9.6l (Affected 0.9.6k)
CVE-2003-0544 (OpenSSL advisory) 30 September 2003:
Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Reported by NISCC.
  • Fixed in OpenSSL 0.9.6k (Affected 0.9.6-0.9.6j)
  • This issue was also addressed in OpenSSL 0.9.7c
CVE-2003-0543 (OpenSSL advisory) 30 September 2003:
An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Reported by NISCC.
  • Fixed in OpenSSL 0.9.6k (Affected 0.9.6-0.9.6j)
  • This issue was also addressed in OpenSSL 0.9.7c
CVE-2003-0131 (OpenSSL advisory) 19 March 2003:
The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack"
  • Fixed in OpenSSL 0.9.6j (Affected 0.9.6-0.9.6i)
  • This issue was also addressed in OpenSSL 0.9.7b
CVE-2003-0147 (OpenSSL advisory) 14 March 2003:
RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
  • Fixed in OpenSSL 0.9.6j (Affected 0.9.6-0.9.6i)
  • This issue was also addressed in OpenSSL 0.9.7b
CVE-2003-0078 (OpenSSL advisory) 19 February 2003:
sl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
  • Fixed in OpenSSL 0.9.6i (Affected 0.9.6-0.9.6h)
  • This issue was also addressed in OpenSSL 0.9.7a

2002

CVE-2002-1568 08 August 2002:
The use of assertions when detecting buffer overflow attacks allowed remote attackers to cause a denial of service (crash) by sending certain messages to cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which were not properly handled in s2_srvr.c.
CVE-2002-0659 (OpenSSL advisory) 30 July 2002:
A flaw in the ASN1 library allowed remote attackers to cause a denial of service by sending invalid encodings.
  • Fixed in OpenSSL 0.9.6e (Affected 0.9.6a-0.9.6d)
CVE-2002-0656 (OpenSSL advisory) 30 July 2002:
A buffer overflow allowed remote attackers to execute arbitrary code by sending a large client master key in SSL2 or a large session ID in SSL3. Reported by OpenSSL Group (A.L. Digital).
  • Fixed in OpenSSL 0.9.6e (Affected 0.9.6-0.9.6d)
CVE-2002-0655 (OpenSSL advisory) 30 July 2002:
Inproper handling of ASCII representations of integers on 64 bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code. Reported by OpenSSL Group (A.L. Digital).
  • Fixed in OpenSSL 0.9.6e (Affected 0.9.6-0.9.6d)