Описание
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | released | 2.12.23-12ubuntu2.7 |
| precise | released | 2.12.14-5ubuntu3.13 |
| precise/esm | not-affected | 2.12.14-5ubuntu3.13 |
| trusty | released | 2.12.23-12ubuntu2.7 |
| trusty/esm | released | 2.12.23-12ubuntu2.7 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.5.6-4ubuntu2 |
| bionic | not-affected | 3.5.6-4ubuntu2 |
| cosmic | not-affected | 3.5.6-4ubuntu2 |
| devel | not-affected | 3.5.6-4ubuntu2 |
| disco | not-affected | 3.5.6-4ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/bionic | not-affected | 3.5.6-4ubuntu2 |
| esm-infra/xenial | released | 3.4.10-4ubuntu1.2 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.0.2g-1ubuntu11 |
| bionic | released | 1.0.2g-1ubuntu11 |
| cosmic | released | 1.0.2g-1ubuntu11 |
| devel | released | 1.0.2g-1ubuntu11 |
| disco | released | 1.0.2g-1ubuntu11 |
| esm-infra-legacy/trusty | released | 1.0.1f-1ubuntu2.22 |
| esm-infra/bionic | released | 1.0.2g-1ubuntu11 |
| esm-infra/xenial | released | 1.0.2g-1ubuntu4.6 |
| precise | released | 1.0.1-4ubuntu5.39 |
| precise/esm | not-affected | 1.0.1-4ubuntu5.39 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needed |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3