Vulnerabilidades em OpenSSL Software Foundation

4 resultados

CVE-2017-3737—OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a hEPSS 78.7%CVE-2017-3735—While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrEPSS 17.7%CVE-2017-3738—There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are aEPSS 13.4%CVE-2017-3736—There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algoritEPSS 10.1%