Количество 35
Количество 35
CVE-2021-23841
The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...
GHSA-84rm-qf37-fgc2
Integer Overflow in openssl-src
BDU:2021-03744
Уязвимость функции X509_issuer_and_serial_hash() инструментария для протоколов TLS и SSL OpenSSL, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
GHSA-qgm6-9472-pwq7
Integer Overflow in openssl-src
BDU:2021-03742
Уязвимость функций EVP_CipherUpdate, EVP_EncryptUpdate и EVP_DecryptUpdate инструментария для протоколов TLS и SSL OpenSSL, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
openSUSE-SU-2021:0372-1
Security update for nodejs10
openSUSE-SU-2021:0357-1
Security update for nodejs12
SUSE-SU-2021:0674-1
Security update for nodejs10
SUSE-SU-2021:0673-1
Security update for nodejs10
SUSE-SU-2021:0651-1
Security update for nodejs12
SUSE-SU-2021:0649-1
Security update for nodejs12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts ... | CVSS3: 5.9 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
| CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ... | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
| GHSA-84rm-qf37-fgc2 Integer Overflow in openssl-src | CVSS3: 5.9 | 1% Низкий | почти 4 года назад |
 | BDU:2021-03744 Уязвимость функции X509_issuer_and_serial_hash() инструментария для протоколов TLS и SSL OpenSSL, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.9 | 1% Низкий | больше 4 лет назад |
| GHSA-qgm6-9472-pwq7 Integer Overflow in openssl-src | CVSS3: 7.5 | 1% Низкий | почти 4 года назад |
| BDU:2021-03742 Уязвимость функций EVP_CipherUpdate, EVP_EncryptUpdate и EVP_DecryptUpdate инструментария для протоколов TLS и SSL OpenSSL, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:0372-1 Security update for nodejs10 | больше 4 лет назад | ||
| openSUSE-SU-2021:0357-1 Security update for nodejs12 | больше 4 лет назад | ||
| SUSE-SU-2021:0674-1 Security update for nodejs10 | больше 4 лет назад | ||
| SUSE-SU-2021:0673-1 Security update for nodejs10 | больше 4 лет назад | ||
| SUSE-SU-2021:0651-1 Security update for nodejs12 | больше 4 лет назад | ||
| SUSE-SU-2021:0649-1 Security update for nodejs12 | больше 4 лет назад |
Уязвимостей на страницу