|Title:||OpenSSL Multiple Vulnerabilities - Nov 2017 (Linux)|
|Summary:||This host is running OpenSSL and is prone; to multiple vulnerabilities.|
This host is running OpenSSL and is prone
to multiple vulnerabilities.
Multiple flaws exist due to,
- A carry propagating bug in the x86_64 Montgomery squaring procedure.
- Malformed X.509 IPAddressFamily which could cause OOB read.
Successful exploitation will allow a remote attacker to recover keys (private or secret keys) or to cause a buffer overread which lead to erroneous display of the certificate in text format.
Impact Level: Application
OpenSSL 1.1.0 before 1.1.0g and 1.0.2 before 1.0.2m
Upgrade to OpenSSL version 1.1.0g or 1.0.2m or later. For updates refer to https://www.openssl.org
Common Vulnerability Exposure (CVE) ID: CVE-2017-3735|
Debian Security Information: DSA-4017 (Google Search)
Debian Security Information: DSA-4018 (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-17:11
BugTraq ID: 100515
Common Vulnerability Exposure (CVE) ID: CVE-2017-3736
BugTraq ID: 101666
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 58880 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.