Debian OpenSSL vulnerabilities

CVE-2017-3738 [HIGH] CVE-2017-3738: openssl - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in... There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work n

CVE-2016-0799 [CRITICAL] CVE-2016-0799: openssl - The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1... The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability

CVE-2016-6303 [CRITICAL] CVE-2016-6303: openssl - Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSS... Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 1.0.2i-1) bullseye: resolved (fixed in 1.0.2i-1) forky: resolved (fix

CVE-2016-2108 [CRITICAL] CVE-2016-2108: openssl - The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows... The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. Scope: local bookworm: resolved (fixed in 1.0.2c-1) bullseye: resolved (fixed in 1.0.2c-1) forky

CVE-2016-2842 [CRITICAL] CVE-2016-2842: openssl - The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s ... The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of AS

CVE-2016-2182 [CRITICAL] CVE-2016-2182: openssl - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not ... The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 1.0.2i-1) bullseye: resolved (fixed in 1.0

CVE-2016-0705 [CRITICAL] CVE-2016-0705: openssl - Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_amet... Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Scope: local bookworm: resolved (fixed in 1.0.2g-1) bullseye: resolved (fixed i

CVE-2016-2180 [HIGH] CVE-2016-2180: openssl - The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infr... The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. Scope: local bookworm: resolved (fixed

CVE-2016-0798 [HIGH] CVE-2016-0798: openssl - Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before ... Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. Scope: local bookworm: resolved (fixed in 1.0.2g-1) bullseye: resolved (fi

CVE-2016-8610 [HIGH] CVE-2016-8610: openssl - A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h... A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Scope: local bookworm: resolve

CVE-2016-7053 [HIGH] CVE-2016-7053: openssl - In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can ... In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback

CVE-2016-6304 [HIGH] CVE-2016-6304: openssl - Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i,... Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. Scope: local bookworm: resolved (fixed in 1.0.2i-1) bullseye: resolved (fixed in 1.0.2i-1) forky: resolved (fixed in 1.0.2i-1) sid: resolved (fixed in

CVE-2016-2181 [HIGH] CVE-2016-2181: openssl - The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 misha... The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. Scope: local bookworm: resolved (fixed in 1.0.2

CVE-2016-6302 [HIGH] CVE-2016-6302: openssl - The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not... The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. Scope: local bookworm: resolved (fixed in 1.0.2i-1) bullseye: resolved (fixed in 1.0.2i-1) forky: resolved (fixed in 1.0.2i-1) sid: res

CVE-2016-7052 [HIGH] CVE-2016-7052: openssl - crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a deni... crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Scope: local bookworm: resolved (fixed in 1.0.2j-1) bullseye: resolved (fixed in 1.0.2j-1) forky: resolved (fixed in 1.0.2j-1) sid: resolved (fixed in 1.0.2j-1) trixie: resolved (fixed in 1.0.2j-1

CVE-2016-0797 [HIGH] CVE-2016-0797: openssl - Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2... Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c

CVE-2016-2109 [HIGH] CVE-2016-2109: openssl - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implem... The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. Scope: local bookworm: resolved (fixed in 1.0.2h-1) bullseye: resolved (fixed in 1.0.2h-1) forky: resolved (fixed in 1.0.2h-1) s

CVE-2016-7054 [HIGH] CVE-2016-7054: openssl - In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 cipher... In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Scope: local bookworm: resolved (fixed in 1.1.0c-1) bullseye: resolved (fixed in 1.1.0c-1) forky: resolved (fixed in 1.1.0

CVE-2016-2106 [HIGH] CVE-2016-2106: openssl - Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in Op... Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. Scope: local bookworm: resolved (fixed in 1.0.2h-1) bullseye: resolved (fixed in 1.0.2h-1) forky: resolved (fixed in 1.0.2h-1) sid: resolved

CVE-2016-2179 [HIGH] CVE-2016-2179: openssl - The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the l... The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. Scope: local