Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71940
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://exchange.xforce.ibmcloud.com/vulnerabilities/99704
https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
OR
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
137479 | EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2020-1637) | Nessus | Huawei Local Security Checks | medium |
90251 | HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | high |
85803 | HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK) | Nessus | Misc. | high |
85802 | HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK) | Nessus | Windows | high |
84998 | openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam) | Nessus | SuSE Local Security Checks | high |
84923 | HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | high |
83860 | SUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK) | Nessus | SuSE Local Security Checks | medium |
83528 | Cisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK) | Nessus | CISCO | medium |
83527 | Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | medium |
83526 | Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | medium |
83490 | Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | high |
82315 | Mandriva Linux Security Advisory : openssl (MDVSA-2015:062) | Nessus | Mandriva Local Security Checks | high |
82271 | Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | medium |
82270 | Cisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK) | Nessus | Windows | medium |
81815 | McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK) | Nessus | Firewalls | medium |
81406 | AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK) | Nessus | AIX Local Security Checks | medium |
80991 | openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK) | Nessus | SuSE Local Security Checks | medium |
80929 | OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK) | Nessus | OracleVM Local Security Checks | medium |
80925 | FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247) | Nessus | FreeBSD Local Security Checks | medium |
80905 | Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK) | Nessus | Scientific Linux Local Security Checks | medium |
80879 | RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK) | Nessus | Red Hat Local Security Checks | medium |
80877 | Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK) | Nessus | Oracle Linux Local Security Checks | medium |
80874 | Fedora 20 : openssl-1.0.1e-41.fc20 (2015-0601) | Nessus | Fedora Local Security Checks | medium |
80867 | CentOS 6 / 7 : openssl (CESA-2015:0066) | Nessus | CentOS Local Security Checks | medium |
80568 | OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | medium |
80567 | OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | medium |
80471 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK) | Nessus | Ubuntu Local Security Checks | medium |
80464 | Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512) | Nessus | Fedora Local Security Checks | medium |
80461 | Amazon Linux AMI : openssl (ALAS-2015-469) (FREAK) | Nessus | Amazon Linux Local Security Checks | medium |
80456 | Mandriva Linux Security Advisory : openssl (MDVSA-2015:019) | Nessus | Mandriva Local Security Checks | medium |
80446 | Debian DSA-3125-1 : openssl - security update (FREAK) | Nessus | Debian Local Security Checks | medium |
80443 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK) | Nessus | Slackware Local Security Checks | medium |
8617 | OpenSSL < 1.0.1k / < 1.0.0p / < 0.9.8zd Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
80424 | FreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK) | Nessus | FreeBSD Local Security Checks | medium |