Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities



The remote web server is vulnerable to multiple attack vectors.


Versions of OpenSSL earlier than 0.9.8o and 1.0.0a are potentially affected by multiple vulnerabilities :

- CMS structures containing 'OriginatorInfo' are mishandled which can cause the application to write to invalid memory addresses or free up memory twice. Note that this only affects OpenSSL with CMS code present. (CVE-2010-0742)

- When verification recovery fails for RSA keys, an uninitialized buffer with an undefined length is returned instead of an error code. Note that this only affects OpenSSL 1.0.0. (CVE-2010-1633)


Upgrade to OpenSSL 0.9.8o, 1.0.0, or later.