openssl_project/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test
openssl_project/openssl Vulnerability Summary
- Vendor name: openssl_project
- Product name: openssl
- Total vulnerabilities: 2 (as of 2023-05-04)
openssl_project/openssl Vulnerability List
CVE-2018-20997: An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in…
Published: 2019-08-26T18:15:00 Last Modified: 2019-08-30T12:41:00
Summary
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-20997 vulnerability.
CVE-2016-10931: An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-…
Published: 2019-08-26T12:15:00 Last Modified: 2019-09-03T20:31:00
Summary
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-10931 vulnerability.