diff --git a/vulnerabilities/importer.py b/vulnerabilities/importer.py
index 6fdfb3ef2..bcc711f9d 100644
--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -71,8 +71,8 @@ class Reference:
 severities: List[VulnerabilitySeverity] = dataclasses.field(default_factory=list)
 def __post_init__(self):
- if not any([self.url, self.reference_id]):
- raise TypeError
+ if not self.url:
+ raise TypeError("Reference must have a url")
 def normalized(self):
 severities = sorted(self.severities)
diff --git a/vulnerabilities/importers/openssl.py b/vulnerabilities/importers/openssl.py
index c58837a29..e280568f6 100644
--- a/vulnerabilities/importers/openssl.py
+++ b/vulnerabilities/importers/openssl.py
@@ -88,7 +88,9 @@ def to_advisory_data(xml_issue) -> AdvisoryData:
 cve = f"CVE-{cve}"
 madeup_alias = f"{madeup_alias}-{cve}"
 aliases.append(cve)
- references.append(Reference(reference_id=cve))
+ references.append(
+ Reference(reference_id=cve, url=f"https://nvd.nist.gov/vuln/detail/{cve}")
+ )
 aliases.append(madeup_alias)
 elif info.tag == "affects":
diff --git a/vulnerabilities/migrations/0020_auto_20220905_1248.py b/vulnerabilities/migrations/0020_auto_20220905_1248.py
new file mode 100644
index 000000000..3d659c1e2
--- /dev/null
+++ b/vulnerabilities/migrations/0020_auto_20220905_1248.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.0.4 on 2022-09-05 12:48
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('vulnerabilities', '0019_alter_vulnerabilityreference_options'),
+ ]
+
+ def delete_reference_with_empty_urls(apps, _):
+ """
+ Delete all references with empty URLs.
+ """
+ Reference = apps.get_model("vulnerabilities", "VulnerabilityReference")
+ Reference.objects.filter(url="").delete()
+
+ operations = [
+ migrations.RunPython(delete_reference_with_empty_urls, migrations.RunPython.noop),
+ ]
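Review bot: The new guard in `Reference.__post_init__` only tests truthiness, so a whitespace-only string or a value with an unexpected scheme still builds a valid `Reference`. These URLs originate in upstream advisory feeds and are presumably rendered as links later, so if only web links are expected the dataclass is the natural place to reject everything else, e.g. `if urllib.parse.urlsplit(self.url).scheme not in ("http", "https"):` followed by `raise TypeError("Reference url must be an http(s) URL")` (this needs `urllib.parse` imported, which the hunk does not show). Requiring `url` also changes the contract for every importer that built a `Reference` from a `reference_id` alone; only the openssl call site is updated in this diff, so the remaining importers are worth checking. The class body continues outside the hunk.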
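Review bot: `cve` is interpolated into the NVD URL in `to_advisory_data` straight from the parsed feed value with only the `CVE-` prefix added, so a malformed or unexpected value in the XML ends up as a stored link that does not correspond to any NVD entry. Checking the identifier before building the reference keeps bad feed data out of the database, for example `if not re.fullmatch(r"CVE-\d{4}-\d{4,}", cve):` followed by a log-and-skip, placed before `aliases.append(cve)`. The surrounding loop and the rest of the function lie outside the hunk, so the exact skip statement depends on code not shown here.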
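Review bot: `Reference.objects.filter(url="").delete()` removes every row with an empty URL, including rows that still carry a usable `reference_id`, and the reverse step is `migrations.RunPython.noop`, so rolling back does not restore them. Rows linked to those references through foreign keys are presumably deleted or orphaned according to their `on_delete` rules, which this file does not show. The docstring should state this, e.g. `Delete all references with empty URLs, including ones that only have a reference_id. Irreversible; re-run the importers to recreate them with URLs.` The function is also defined inside the `Migration` class body; defining it at module level above the class is the conventional layout and keeps it from becoming a class attribute.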
diff --git a/vulnerabilities/migrations/0021_alter_vulnerabilityreference_url.py b/vulnerabilities/migrations/0021_alter_vulnerabilityreference_url.py
new file mode 100644
index 000000000..04d749ffd
--- /dev/null
+++ b/vulnerabilities/migrations/0021_alter_vulnerabilityreference_url.py
@@ -0,0 +1,18 @@
+# Generated by Django 4.0.4 on 2022-09-05 13:02
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('vulnerabilities', '0020_auto_20220905_1248'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='vulnerabilityreference',
+ name='url',
+ field=models.URLField(help_text='URL to the vulnerability reference', max_length=1024),
+ ),
+ ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index 457391fae..bd77d304f 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -106,9 +106,7 @@ class VulnerabilityReference(models.Model):
 through="VulnerabilityRelatedReference",
 )
- url = models.URLField(
- max_length=1024, help_text="URL to the vulnerability reference", blank=True
- )
+ url = models.URLField(max_length=1024, help_text="URL to the vulnerability reference")
 reference_id = models.CharField(
 max_length=200,
 help_text="An optional reference ID, such as DSA-4465-1 when available",
diff --git a/vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json b/vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json
index 210b92cf3..594c28688 100644
--- a/vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json
+++ b/vulnerabilities/tests/test_data/openssl/improver/improver-advisories.json
@@ -46,7 +46,7 @@
 "references": [
 {
 "reference_id": "CVE-2022-0778",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
 "severities": []
 },
 {
@@ -124,7 +124,7 @@
 "references": [
 {
 "reference_id": "CVE-2021-4160",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
 "severities": []
 },
 {
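Review bot: Dropping `blank=True` from `VulnerabilityReference.url` only affects form and `full_clean()` validation; Django does not run field validators on `save()` or `objects.create()`, and the `AlterField` in migration 0021 adds no database-level rule. An empty string can therefore still be stored by any code path that does not go through `Reference.__post_init__`. If the invariant matters, a constraint in the model's `Meta` would enforce it in the database, e.g. `models.CheckConstraint(check=~models.Q(url=""), name="<constraint_name>")`. The `Meta` class and the rest of the model are outside this hunk.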
@@ -178,7 +178,7 @@ "references": [ { "reference_id": "CVE-2021-4044", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044", "severities": [] }, { @@ -234,7 +234,7 @@ "references": [ { "reference_id": "CVE-2020-1971", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", "severities": [] }, { diff --git a/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json b/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json index e6daed092..dd97cbd0d 100644 --- a/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json +++ b/vulnerabilities/tests/test_data/openssl/improver/improver-inferences-expected.json @@ -36,7 +36,7 @@ "references": [ { "reference_id": "CVE-2022-0778", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "severities": [] }, { @@ -199,7 +199,7 @@ "references": [ { "reference_id": "CVE-2022-0778", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "severities": [] }, { @@ -482,7 +482,7 @@ "references": [ { "reference_id": "CVE-2022-0778", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "severities": [] }, { @@ -541,7 +541,7 @@ "references": [ { "reference_id": "CVE-2021-4160", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "severities": [] }, { @@ -696,7 +696,7 @@ "references": [ { "reference_id": "CVE-2021-4160", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "severities": [] }, { @@ -971,7 +971,7 @@ "references": [ { "reference_id": "CVE-2021-4160", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "severities": [] }, { @@ -1030,7 +1030,7 @@ "references": [ { "reference_id": "CVE-2021-4044", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044", "severities": [] }, { 
@@ -1143,7 +1143,7 @@ "references": [ { "reference_id": "CVE-2020-1971", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", "severities": [] }, { @@ -1381,7 +1381,7 @@ "references": [ { "reference_id": "CVE-2020-1971", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", "severities": [] }, { diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json index 67290225e..b6abfff33 100644 --- a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json +++ b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json @@ -46,7 +46,7 @@ "references": [ { "reference_id": "CVE-2022-0778", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "severities": [] }, { @@ -124,7 +124,7 @@ "references": [ { "reference_id": "CVE-2021-4160", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "severities": [] }, { @@ -178,7 +178,7 @@ "references": [ { "reference_id": "CVE-2021-4044", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044", "severities": [] }, { @@ -222,7 +222,7 @@ "references": [ { "reference_id": "CVE-2021-3711", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711", "severities": [] }, { @@ -278,7 +278,7 @@ "references": [ { "reference_id": "CVE-2021-3712", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", "severities": [] }, { @@ -327,7 +327,7 @@ "references": [ { "reference_id": "CVE-2021-3450", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "severities": [] }, { @@ -371,7 +371,7 @@ "references": [ { "reference_id": "CVE-2021-3449", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "severities": [] }, { 
@@ -427,7 +427,7 @@ "references": [ { "reference_id": "CVE-2021-23841", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", "severities": [] }, { @@ -476,7 +476,7 @@ "references": [ { "reference_id": "CVE-2021-23839", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23839", "severities": [] }, { @@ -532,7 +532,7 @@ "references": [ { "reference_id": "CVE-2021-23840", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", "severities": [] }, { @@ -593,7 +593,7 @@ "references": [ { "reference_id": "CVE-2020-1971", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", "severities": [] }, { @@ -642,7 +642,7 @@ "references": [ { "reference_id": "CVE-2020-1968", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968", "severities": [] }, { @@ -681,7 +681,7 @@ "references": [ { "reference_id": "CVE-2020-1967", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967", "severities": [] }, { @@ -737,7 +737,7 @@ "references": [ { "reference_id": "CVE-2019-1551", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1551", "severities": [] }, { @@ -810,7 +810,7 @@ "references": [ { "reference_id": "CVE-2019-1547", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547", "severities": [] }, { @@ -864,7 +864,7 @@ "references": [ { "reference_id": "CVE-2019-1549", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549", "severities": [] }, { @@ -932,7 +932,7 @@ "references": [ { "reference_id": "CVE-2019-1563", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563", "severities": [] }, { @@ -1010,7 +1010,7 @@ "references": [ { "reference_id": "CVE-2019-1552", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1552", "severities": [] }, { @@ -1081,7 +1081,7 @@ "references": [ { "reference_id": "CVE-2019-1543", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543", "severities": [] }, { 
@@ -1130,7 +1130,7 @@ "references": [ { "reference_id": "CVE-2019-1559", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", "severities": [] }, { @@ -1186,7 +1186,7 @@ "references": [ { "reference_id": "CVE-2018-5407", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "severities": [] }, { @@ -1259,7 +1259,7 @@ "references": [ { "reference_id": "CVE-2018-0734", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", "severities": [] }, { @@ -1325,7 +1325,7 @@ "references": [ { "reference_id": "CVE-2018-0735", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735", "severities": [] }, { @@ -1386,7 +1386,7 @@ "references": [ { "reference_id": "CVE-2018-0732", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", "severities": [] }, { @@ -1447,7 +1447,7 @@ "references": [ { "reference_id": "CVE-2018-0737", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737", "severities": [] }, { @@ -1508,7 +1508,7 @@ "references": [ { "reference_id": "CVE-2018-0739", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739", "severities": [] }, { @@ -1557,7 +1557,7 @@ "references": [ { "reference_id": "CVE-2018-0733", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0733", "severities": [] }, { @@ -1601,7 +1601,7 @@ "references": [ { "reference_id": "CVE-2017-3737", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", "severities": [] }, { @@ -1657,7 +1657,7 @@ "references": [ { "reference_id": "CVE-2017-3738", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", "severities": [] }, { @@ -1718,7 +1718,7 @@ "references": [ { "reference_id": "CVE-2017-3736", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", "severities": [] }, { 
@@ -1779,7 +1779,7 @@ "references": [ { "reference_id": "CVE-2017-3735", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3735", "severities": [] }, { @@ -1828,7 +1828,7 @@ "references": [ { "reference_id": "CVE-2017-3733", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3733", "severities": [] }, { @@ -1884,7 +1884,7 @@ "references": [ { "reference_id": "CVE-2017-3731", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", "severities": [] }, { @@ -1933,7 +1933,7 @@ "references": [ { "reference_id": "CVE-2017-3730", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3730", "severities": [] }, { @@ -1989,7 +1989,7 @@ "references": [ { "reference_id": "CVE-2017-3732", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", "severities": [] }, { @@ -2038,7 +2038,7 @@ "references": [ { "reference_id": "CVE-2016-2183", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "severities": [] }, { @@ -2077,7 +2077,7 @@ "references": [ { "reference_id": "CVE-2016-7054", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7054", "severities": [] }, { @@ -2121,7 +2121,7 @@ "references": [ { "reference_id": "CVE-2016-7053", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7053", "severities": [] }, { @@ -2177,7 +2177,7 @@ "references": [ { "reference_id": "CVE-2016-7055", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", "severities": [] }, { @@ -2226,7 +2226,7 @@ "references": [ { "reference_id": "CVE-2016-6309", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6309", "severities": [] }, { @@ -2270,7 +2270,7 @@ "references": [ { "reference_id": "CVE-2016-7052", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7052", "severities": [] }, { 
@@ -2338,7 +2338,7 @@ "references": [ { "reference_id": "CVE-2016-6304", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304", "severities": [] }, { @@ -2392,7 +2392,7 @@ "references": [ { "reference_id": "CVE-2016-6305", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6305", "severities": [] }, { @@ -2448,7 +2448,7 @@ "references": [ { "reference_id": "CVE-2016-6303", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6303", "severities": [] }, { @@ -2509,7 +2509,7 @@ "references": [ { "reference_id": "CVE-2016-6302", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", "severities": [] }, { @@ -2570,7 +2570,7 @@ "references": [ { "reference_id": "CVE-2016-2182", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", "severities": [] }, { @@ -2621,7 +2621,7 @@ "references": [ { "reference_id": "CVE-2016-2180", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2180", "severities": [] }, { @@ -2672,7 +2672,7 @@ "references": [ { "reference_id": "CVE-2016-2177", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2177", "severities": [] }, { @@ -2723,7 +2723,7 @@ "references": [ { "reference_id": "CVE-2016-2178", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2178", "severities": [] }, { @@ -2774,7 +2774,7 @@ "references": [ { "reference_id": "CVE-2016-2179", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2179", "severities": [] }, { @@ -2835,7 +2835,7 @@ "references": [ { "reference_id": "CVE-2016-2181", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2181", "severities": [] }, { @@ -2896,7 +2896,7 @@ "references": [ { "reference_id": "CVE-2016-6306", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", "severities": [] }, { 
@@ -2945,7 +2945,7 @@ "references": [ { "reference_id": "CVE-2016-6307", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6307", "severities": [] }, { @@ -2989,7 +2989,7 @@ "references": [ { "reference_id": "CVE-2016-6308", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6308", "severities": [] }, { @@ -3045,7 +3045,7 @@ "references": [ { "reference_id": "CVE-2016-2108", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2108", "severities": [] }, { @@ -3096,7 +3096,7 @@ "references": [ { "reference_id": "CVE-2016-2107", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2107", "severities": [] }, { @@ -3152,7 +3152,7 @@ "references": [ { "reference_id": "CVE-2016-2105", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2105", "severities": [] }, { @@ -3203,7 +3203,7 @@ "references": [ { "reference_id": "CVE-2016-2106", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2106", "severities": [] }, { @@ -3254,7 +3254,7 @@ "references": [ { "reference_id": "CVE-2016-2109", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2109", "severities": [] }, { @@ -3305,7 +3305,7 @@ "references": [ { "reference_id": "CVE-2016-2176", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2176", "severities": [] }, { @@ -3356,7 +3356,7 @@ "references": [ { "reference_id": "CVE-2016-0800", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0800", "severities": [] }, { @@ -3407,7 +3407,7 @@ "references": [ { "reference_id": "CVE-2016-0705", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0705", "severities": [] }, { @@ -3458,7 +3458,7 @@ "references": [ { "reference_id": "CVE-2016-0798", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0798", "severities": [] }, { 
@@ -3509,7 +3509,7 @@ "references": [ { "reference_id": "CVE-2016-0797", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0797", "severities": [] }, { @@ -3560,7 +3560,7 @@ "references": [ { "reference_id": "CVE-2016-0799", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0799", "severities": [] }, { @@ -3611,7 +3611,7 @@ "references": [ { "reference_id": "CVE-2016-0702", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0702", "severities": [] }, { @@ -3686,7 +3686,7 @@ "references": [ { "reference_id": "CVE-2016-0703", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0703", "severities": [] }, { @@ -3761,7 +3761,7 @@ "references": [ { "reference_id": "CVE-2016-0704", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0704", "severities": [] }, { @@ -3800,7 +3800,7 @@ "references": [ { "reference_id": "CVE-2016-0701", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0701", "severities": [] }, { @@ -3851,7 +3851,7 @@ "references": [ { "reference_id": "CVE-2015-3197", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3197", "severities": [] }, { @@ -3890,7 +3890,7 @@ "references": [ { "reference_id": "CVE-2015-1794", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1794", "severities": [] }, { @@ -3929,7 +3929,7 @@ "references": [ { "reference_id": "CVE-2015-3193", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3193", "severities": [] }, { @@ -3980,7 +3980,7 @@ "references": [ { "reference_id": "CVE-2015-3194", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3194", "severities": [] }, { @@ -4055,7 +4055,7 @@ "references": [ { "reference_id": "CVE-2015-3195", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3195", "severities": [] }, { 
@@ -4118,7 +4118,7 @@ "references": [ { "reference_id": "CVE-2015-3196", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3196", "severities": [] }, { @@ -4169,7 +4169,7 @@ "references": [ { "reference_id": "CVE-2015-1793", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793", "severities": [] }, { @@ -4244,7 +4244,7 @@ "references": [ { "reference_id": "CVE-2015-1788", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1788", "severities": [] }, { @@ -4319,7 +4319,7 @@ "references": [ { "reference_id": "CVE-2015-1789", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789", "severities": [] }, { @@ -4394,7 +4394,7 @@ "references": [ { "reference_id": "CVE-2015-1790", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1790", "severities": [] }, { @@ -4469,7 +4469,7 @@ "references": [ { "reference_id": "CVE-2015-1792", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1792", "severities": [] }, { @@ -4544,7 +4544,7 @@ "references": [ { "reference_id": "CVE-2015-1791", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1791", "severities": [] }, { @@ -4607,7 +4607,7 @@ "references": [ { "reference_id": "CVE-2014-8176", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8176", "severities": [] }, { @@ -4646,7 +4646,7 @@ "references": [ { "reference_id": "CVE-2015-0291", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0291", "severities": [] }, { @@ -4685,7 +4685,7 @@ "references": [ { "reference_id": "CVE-2015-0290", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0290", "severities": [] }, { @@ -4724,7 +4724,7 @@ "references": [ { "reference_id": "CVE-2015-0207", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0207", "severities": [] }, { 
@@ -4799,7 +4799,7 @@ "references": [ { "reference_id": "CVE-2015-0286", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286", "severities": [] }, { @@ -4838,7 +4838,7 @@ "references": [ { "reference_id": "CVE-2015-0208", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0208", "severities": [] }, { @@ -4913,7 +4913,7 @@ "references": [ { "reference_id": "CVE-2015-0287", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0287", "severities": [] }, { @@ -4988,7 +4988,7 @@ "references": [ { "reference_id": "CVE-2015-0289", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0289", "severities": [] }, { @@ -5051,7 +5051,7 @@ "references": [ { "reference_id": "CVE-2015-0292", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0292", "severities": [] }, { @@ -5126,7 +5126,7 @@ "references": [ { "reference_id": "CVE-2015-0293", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0293", "severities": [] }, { @@ -5165,7 +5165,7 @@ "references": [ { "reference_id": "CVE-2015-1787", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1787", "severities": [] }, { @@ -5204,7 +5204,7 @@ "references": [ { "reference_id": "CVE-2015-0285", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0285", "severities": [] }, { @@ -5279,7 +5279,7 @@ "references": [ { "reference_id": "CVE-2015-0209", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", "severities": [] }, { @@ -5354,7 +5354,7 @@ "references": [ { "reference_id": "CVE-2015-0288", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288", "severities": [] }, { @@ -5405,7 +5405,7 @@ "references": [ { "reference_id": "CVE-2015-0206", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206", "severities": [] }, { 
@@ -5468,7 +5468,7 @@ "references": [ { "reference_id": "CVE-2014-3569", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569", "severities": [] }, { @@ -5531,7 +5531,7 @@ "references": [ { "reference_id": "CVE-2014-3572", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572", "severities": [] }, { @@ -5594,7 +5594,7 @@ "references": [ { "reference_id": "CVE-2014-3571", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571", "severities": [] }, { @@ -5657,7 +5657,7 @@ "references": [ { "reference_id": "CVE-2015-0204", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204", "severities": [] }, { @@ -5708,7 +5708,7 @@ "references": [ { "reference_id": "CVE-2015-0205", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205", "severities": [] }, { @@ -5771,7 +5771,7 @@ "references": [ { "reference_id": "CVE-2014-8275", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275", "severities": [] }, { @@ -5834,7 +5834,7 @@ "references": [ { "reference_id": "CVE-2014-3570", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570", "severities": [] }, { @@ -5873,7 +5873,7 @@ "references": [ { "reference_id": "CVE-2014-3513", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3513", "severities": [] }, { @@ -5936,7 +5936,7 @@ "references": [ { "reference_id": "CVE-2014-3567", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3567", "severities": [] }, { @@ -6045,7 +6045,7 @@ "references": [ { "reference_id": "CVE-2014-3568", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3568", "severities": [] }, { @@ -6108,7 +6108,7 @@ "references": [ { "reference_id": "CVE-2014-3508", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3508", "severities": [] }, { 
@@ -6142,7 +6142,7 @@ "references": [ { "reference_id": "CVE-2014-5139", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5139", "severities": [] }, { @@ -6188,7 +6188,7 @@ "references": [ { "reference_id": "CVE-2014-3509", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3509", "severities": [] }, { @@ -6246,7 +6246,7 @@ "references": [ { "reference_id": "CVE-2014-3505", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3505", "severities": [] }, { @@ -6304,7 +6304,7 @@ "references": [ { "reference_id": "CVE-2014-3506", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3506", "severities": [] }, { @@ -6362,7 +6362,7 @@ "references": [ { "reference_id": "CVE-2014-3507", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3507", "severities": [] }, { @@ -6420,7 +6420,7 @@ "references": [ { "reference_id": "CVE-2014-3510", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3510", "severities": [] }, { @@ -6454,7 +6454,7 @@ "references": [ { "reference_id": "CVE-2014-3511", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3511", "severities": [] }, { @@ -6488,7 +6488,7 @@ "references": [ { "reference_id": "CVE-2014-3512", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3512", "severities": [] }, { @@ -6522,7 +6522,7 @@ "references": [ { "reference_id": "CVE-2002-0655", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655", "severities": [] }, { @@ -6556,7 +6556,7 @@ "references": [ { "reference_id": "CVE-2002-0656", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656", "severities": [] }, { @@ -6590,7 +6590,7 @@ "references": [ { "reference_id": "CVE-2002-0657", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0657", "severities": [] }, { 
@@ -6624,7 +6624,7 @@ "references": [ { "reference_id": "CVE-2002-0659", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659", "severities": [] }, { @@ -6658,7 +6658,7 @@ "references": [ { "reference_id": "CVE-2002-1568", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1568", "severities": [] }, { @@ -6704,7 +6704,7 @@ "references": [ { "reference_id": "CVE-2003-0078", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0078", "severities": [] }, { @@ -6750,7 +6750,7 @@ "references": [ { "reference_id": "CVE-2003-0131", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0131", "severities": [] }, { @@ -6796,7 +6796,7 @@ "references": [ { "reference_id": "CVE-2003-0147", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0147", "severities": [] }, { @@ -6842,7 +6842,7 @@ "references": [ { "reference_id": "CVE-2003-0543", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543", "severities": [] }, { @@ -6888,7 +6888,7 @@ "references": [ { "reference_id": "CVE-2003-0544", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544", "severities": [] }, { @@ -6922,7 +6922,7 @@ "references": [ { "reference_id": "CVE-2003-0545", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545", "severities": [] }, { @@ -6956,7 +6956,7 @@ "references": [ { "reference_id": "CVE-2003-0851", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851", "severities": [] }, { @@ -7002,7 +7002,7 @@ "references": [ { "reference_id": "CVE-2004-0079", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079", "severities": [] }, { @@ -7036,7 +7036,7 @@ "references": [ { "reference_id": "CVE-2004-0081", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081", "severities": [] }, { 
@@ -7070,7 +7070,7 @@ "references": [ { "reference_id": "CVE-2004-0112", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0112", "severities": [] }, { @@ -7116,7 +7116,7 @@ "references": [ { "reference_id": "CVE-2004-0975", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0975", "severities": [] }, { @@ -7174,7 +7174,7 @@ "references": [ { "reference_id": "CVE-2005-2969", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2969", "severities": [] }, { @@ -7232,7 +7232,7 @@ "references": [ { "reference_id": "CVE-2006-4339", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4339", "severities": [] }, { @@ -7278,7 +7278,7 @@ "references": [ { "reference_id": "CVE-2006-2937", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2937", "severities": [] }, { @@ -7336,7 +7336,7 @@ "references": [ { "reference_id": "CVE-2006-2940", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2940", "severities": [] }, { @@ -7394,7 +7394,7 @@ "references": [ { "reference_id": "CVE-2006-3738", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3738", "severities": [] }, { @@ -7452,7 +7452,7 @@ "references": [ { "reference_id": "CVE-2006-4343", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4343", "severities": [] }, { @@ -7486,7 +7486,7 @@ "references": [ { "reference_id": "CVE-2007-4995", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4995", "severities": [] }, { @@ -7520,7 +7520,7 @@ "references": [ { "reference_id": "CVE-2007-5135", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5135", "severities": [] }, { @@ -7554,7 +7554,7 @@ "references": [ { "reference_id": "CVE-2008-0891", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0891", "severities": [] }, { 
@@ -7588,7 +7588,7 @@ "references": [ { "reference_id": "CVE-2008-1672", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1672", "severities": [] }, { @@ -7622,7 +7622,7 @@ "references": [ { "reference_id": "CVE-2008-5077", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5077", "severities": [] }, { @@ -7656,7 +7656,7 @@ "references": [ { "reference_id": "CVE-2009-0590", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0590", "severities": [] }, { @@ -7690,7 +7690,7 @@ "references": [ { "reference_id": "CVE-2009-0591", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0591", "severities": [] }, { @@ -7724,7 +7724,7 @@ "references": [ { "reference_id": "CVE-2009-0789", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0789", "severities": [] }, { @@ -7758,7 +7758,7 @@ "references": [ { "reference_id": "CVE-2009-1386", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1386", "severities": [] }, { @@ -7792,7 +7792,7 @@ "references": [ { "reference_id": "CVE-2009-3555", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "severities": [] }, { @@ -7826,7 +7826,7 @@ "references": [ { "reference_id": "CVE-2009-1387", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1387", "severities": [] }, { @@ -7860,7 +7860,7 @@ "references": [ { "reference_id": "CVE-2009-1377", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1377", "severities": [] }, { @@ -7899,7 +7899,7 @@ "references": [ { "reference_id": "CVE-2009-1378", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1378", "severities": [] }, { @@ -7938,7 +7938,7 @@ "references": [ { "reference_id": "CVE-2009-1379", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1379", "severities": [] }, { 
@@ -7977,7 +7977,7 @@ "references": [ { "reference_id": "CVE-2009-4355", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4355", "severities": [] }, { @@ -8011,7 +8011,7 @@ "references": [ { "reference_id": "CVE-2009-3245", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245", "severities": [] }, { @@ -8045,7 +8045,7 @@ "references": [ { "reference_id": "CVE-2010-0433", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0433", "severities": [] }, { @@ -8079,7 +8079,7 @@ "references": [ { "reference_id": "CVE-2010-0740", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0740", "severities": [] }, { @@ -8125,7 +8125,7 @@ "references": [ { "reference_id": "CVE-2010-0742", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0742", "severities": [] }, { @@ -8159,7 +8159,7 @@ "references": [ { "reference_id": "CVE-2010-1633", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1633", "severities": [] }, { @@ -8205,7 +8205,7 @@ "references": [ { "reference_id": "CVE-2010-3864", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3864", "severities": [] }, { @@ -8239,7 +8239,7 @@ "references": [ { "reference_id": "CVE-2010-4252", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4252", "severities": [] }, { @@ -8285,7 +8285,7 @@ "references": [ { "reference_id": "CVE-2010-4180", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "severities": [] }, { @@ -8319,7 +8319,7 @@ "references": [ { "reference_id": "CVE-2011-3207", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3207", "severities": [] }, { @@ -8365,7 +8365,7 @@ "references": [ { "reference_id": "CVE-2011-3210", - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3210", "severities": [] }, { 
@@ -8411,7 +8411,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-4108",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4108",
 "severities": []
 },
 {
@@ -8445,7 +8445,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-4109",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4109",
 "severities": []
 },
 {
@@ -8491,7 +8491,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-4576",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4576",
 "severities": []
 },
 {
@@ -8537,7 +8537,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-4577",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4577",
 "severities": []
 },
 {
@@ -8583,7 +8583,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-4619",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4619",
 "severities": []
 },
 {
@@ -8617,7 +8617,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-0027",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0027",
 "severities": []
 },
 {
@@ -8663,7 +8663,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-0050",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0050",
 "severities": []
 },
 {
@@ -8709,7 +8709,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-0884",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0884",
 "severities": []
 },
 {
@@ -8755,7 +8755,7 @@
 "references": [
 {
 "reference_id": "CVE-2011-0014",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0014",
 "severities": []
 },
 {
@@ -8789,7 +8789,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-2131",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2131",
 "severities": []
 },
 {
@@ -8847,7 +8847,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-2110",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2110",
 "severities": []
 },
 {
@@ -8905,7 +8905,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-2333",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2333",
 "severities": []
 },
 {
@@ -8963,7 +8963,7 @@
 "references": [
 {
 "reference_id": "CVE-2013-0169",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169",
 "severities": []
 },
 {
@@ -8997,7 +8997,7 @@
 "references": [
 {
 "reference_id": "CVE-2012-2686",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2686",
 "severities": []
 },
 {
@@ -9055,7 +9055,7 @@
 "references": [
 {
 "reference_id": "CVE-2013-0166",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166",
 "severities": []
 },
 {
@@ -9101,7 +9101,7 @@
 "references": [
 {
 "reference_id": "CVE-2013-6450",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6450",
 "severities": []
 },
 {
@@ -9135,7 +9135,7 @@
 "references": [
 {
 "reference_id": "CVE-2013-6449",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6449",
 "severities": []
 },
 {
@@ -9169,7 +9169,7 @@
 "references": [
 {
 "reference_id": "CVE-2013-4353",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4353",
 "severities": []
 },
 {
@@ -9227,7 +9227,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0076",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0076",
 "severities": []
 },
 {
@@ -9271,7 +9271,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0160",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
 "severities": []
 },
 {
@@ -9329,7 +9329,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0224",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224",
 "severities": []
 },
 {
@@ -9387,7 +9387,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0221",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221",
 "severities": []
 },
 {
@@ -9445,7 +9445,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0195",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0195",
 "severities": []
 },
 {
@@ -9491,7 +9491,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-0198",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0198",
 "severities": []
 },
 {
@@ -9537,7 +9537,7 @@
 "references": [
 {
 "reference_id": "CVE-2010-5298",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-5298",
 "severities": []
 },
 {
@@ -9595,7 +9595,7 @@
 "references": [
 {
 "reference_id": "CVE-2014-3470",
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3470",
 "severities": []
 },
 {
diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
index 597d18ca5..2f4341ee7 100644
--- a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
+++ b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
@@ -1,6 +1,6 @@
 [
 {
- "unique_content_id": "f21b34d4a7ea18d122737df2ac7ca34d",
+ "unique_content_id": "b7cac498514c187f966805d58748e480",
 "aliases": [
 "CVE-2022-0778",
 "VC-OPENSSL-20220315-CVE-2022-0778"
@@ -46,7 +46,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
 "severities": [],
 "reference_id": "CVE-2022-0778"
 },
@@ -79,7 +79,7 @@
 "date_published": "2022-03-15T00:00:00+00:00"
 },
 {
- "unique_content_id": "51acb8f56a985f0bc3acea44784350ab",
+ "unique_content_id": "61d5d76af214adb2277201f87a39172c",
 "aliases": [
 "CVE-2021-4160",
 "VC-OPENSSL-20220128-CVE-2021-4160"
@@ -125,7 +125,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160",
 "severities": [],
 "reference_id": "CVE-2021-4160"
 },
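Review bot: Advisories imported before this change are probably left behind with their `"url": ""` references, because every `unique_content_id` in this expected file changes even where the reference `url` is the only difference in the record (the CVE-2022-0778 record in the `@@ -1,6 +1,6 @@` and `@@ -46,7 +46,7 @@` hunks), so a re-import would not match the stored rows. The new `Reference.__post_init__` check raises `TypeError("Reference must have a url")`, and migration 0020 only deletes `VulnerabilityReference` rows; whether stored advisory data is re-imported or cleaned up is not visible in this diff. I would state the expected upgrade path in the commit description, or add a data-migration step that covers stored advisories. Separately, several records change position further down (CVE-2017-3730 is replaced by CVE-2014-3513 at `@@ -310,12 +310,12 @@`), which suggests the fixture order is not stable; writing the records in a sorted order, for instance by alias, would keep future fixture diffs limited to real changes.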
@@ -158,7 +158,7 @@
 "date_published": "2022-01-28T00:00:00+00:00"
 },
 {
- "unique_content_id": "916a8251a548511a352d539b1bf4eb5c",
+ "unique_content_id": "8a881398b91d7f4f36aaa2b43dc26eee",
 "aliases": [
 "CVE-2021-4044",
 "VC-OPENSSL-20211214-CVE-2021-4044"
@@ -180,7 +180,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4044",
 "severities": [],
 "reference_id": "CVE-2021-4044"
 },
@@ -203,7 +203,7 @@
 "date_published": "2021-12-14T00:00:00+00:00"
 },
 {
- "unique_content_id": "0479318324d15282763552423f5f8c3d",
+ "unique_content_id": "94ef1ad0f7c9d43e89a91d23c260991a",
 "aliases": [
 "CVE-2021-3711",
 "VC-OPENSSL-20210824-CVE-2021-3711"
@@ -225,7 +225,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711",
 "severities": [],
 "reference_id": "CVE-2021-3711"
 },
@@ -248,7 +248,7 @@
 "date_published": "2021-08-24T00:00:00+00:00"
 },
 {
- "unique_content_id": "500a029b3d09544300100ff1c3aae5cd",
+ "unique_content_id": "d983b35db2f988ada9600e40e90d1328",
 "aliases": [
 "CVE-2021-3712",
 "VC-OPENSSL-20210824-CVE-2021-3712"
@@ -282,7 +282,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712",
 "severities": [],
 "reference_id": "CVE-2021-3712"
 },
@@ -310,12 +310,12 @@
 "date_published": "2021-08-24T00:00:00+00:00"
 },
 {
- "unique_content_id": "6d2aa537f0a75a42562c11aed4b13143",
+ "unique_content_id": "1f5b764f02186661daeddc59bf4da52e",
 "aliases": [
- "CVE-2017-3730",
- "VC-OPENSSL-20170126-CVE-2017-3730"
+ "CVE-2014-3513",
+ "VC-OPENSSL-20141015-CVE-2014-3513"
 ],
- "summary": "If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.",
+ "summary": "A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.",
 "affected_packages": [
 {
 "package": {
@@ -326,36 +326,31 @@
 "namespace": null,
 "qualifiers": null
 },
- "fixed_version": "1.1.0d",
- "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c"
+ "fixed_version": "1.0.1j",
+ "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i"
 }
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3513",
 "severities": [],
- "reference_id": "CVE-2017-3730"
- },
- {
- "url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa",
- "severities": [],
- "reference_id": ""
+ "reference_id": "CVE-2014-3513"
 },
 {
- "url": "https://www.openssl.org/news/secadv/20170126.txt",
+ "url": "https://www.openssl.org/news/secadv/20141015.txt",
 "severities": [
 {
- "value": "Moderate",
+ "value": "High",
 "system": "generic_textual"
 }
 ],
 "reference_id": ""
 }
 ],
- "date_published": "2017-01-26T00:00:00+00:00"
+ "date_published": "2014-10-15T00:00:00+00:00"
 },
 {
- "unique_content_id": "979631926ab9020f5a1abb5c8be96835",
+ "unique_content_id": "1c00a83795f7053ffbf8e1bd9a9625bf",
 "aliases": [
 "CVE-2021-3450",
 "VC-OPENSSL-20210325-CVE-2021-3450"
@@ -377,7 +372,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450",
 "severities": [],
 "reference_id": "CVE-2021-3450"
 },
@@ -400,7 +395,7 @@
 "date_published": "2021-03-25T00:00:00+00:00"
 },
 {
- "unique_content_id": "2f937457e48c90186d19596c6f35b144",
+ "unique_content_id": "cd515c6026ee6098fc7b277ffd0c823b",
 "aliases": [
 "CVE-2021-3449",
 "VC-OPENSSL-20210325-CVE-2021-3449"
@@ -422,7 +417,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449",
 "severities": [],
 "reference_id": "CVE-2021-3449"
 },
@@ -445,7 +440,7 @@
 "date_published": "2021-03-25T00:00:00+00:00"
 },
 {
- "unique_content_id": "cd154ac36ffadeeefdc2bbec1e350faf",
+ "unique_content_id": "c7c47549dfdab0afe770c9247331bc7d",
 "aliases": [
 "CVE-2021-23841",
 "VC-OPENSSL-20210216-CVE-2021-23841"
@@ -479,7 +474,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841",
 "severities": [],
 "reference_id": "CVE-2021-23841"
 },
@@ -507,7 +502,7 @@
 "date_published": "2021-02-16T00:00:00+00:00"
 },
 {
- "unique_content_id": "4a26bc36e08d508dd192fb0363718696",
+ "unique_content_id": "d73535dab9e59a40ce8493e4de3e4300",
 "aliases": [
 "CVE-2021-23839",
 "VC-OPENSSL-20210216-CVE-2021-23839"
@@ -529,7 +524,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23839",
 "severities": [],
 "reference_id": "CVE-2021-23839"
 },
@@ -552,12 +547,12 @@
 "date_published": "2021-02-16T00:00:00+00:00"
 },
 {
- "unique_content_id": "dcb0d6fa7e0ac26a1a8a55d6679a9083",
+ "unique_content_id": "258fbaa0014921327e197180e1a9c168",
 "aliases": [
- "CVE-2019-1543",
- "VC-OPENSSL-20190306-CVE-2019-1543"
+ "CVE-2018-0735",
+ "VC-OPENSSL-20181029-CVE-2018-0735"
 ],
- "summary": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. 
Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time.",
+ "summary": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key.",
 "affected_packages": [
 {
 "package": {
@@ -568,8 +563,8 @@
 "namespace": null,
 "qualifiers": null
 },
- "fixed_version": "1.1.1c",
- "affected_version_range": "vers:openssl/1.1.1|1.1.1a|1.1.1b"
+ "fixed_version": "1.1.1a",
+ "affected_version_range": "vers:openssl/1.1.1"
 },
 {
 "package": {
@@ -580,28 +575,28 @@
 "namespace": null,
 "qualifiers": null
 },
- "fixed_version": "1.1.0k",
- "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c|1.1.0d|1.1.0e|1.1.0f|1.1.0g|1.1.0h|1.1.0i|1.1.0j"
+ "fixed_version": "1.1.0j",
+ "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c|1.1.0d|1.1.0e|1.1.0f|1.1.0g|1.1.0h|1.1.0i"
 }
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735",
 "severities": [],
- "reference_id": "CVE-2019-1543"
+ "reference_id": "CVE-2018-0735"
 },
 {
- "url": "https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3",
+ "url": "https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1",
 "severities": [],
 "reference_id": ""
 },
 {
- "url": "https://github.com/openssl/openssl/commit/ee22257b1418438ebaf54df98af4e24f494d1809",
+ "url": "https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
 "severities": [],
 "reference_id": ""
 },
 {
- "url": "https://www.openssl.org/news/secadv/20190306.txt",
+ "url": "https://www.openssl.org/news/secadv/20181029.txt",
 "severities": [
 {
 "value": "Low",
@@ -611,10 +606,10 @@
 "reference_id": ""
 }
 ],
- "date_published": "2019-03-06T00:00:00+00:00"
+ "date_published": "2018-10-29T00:00:00+00:00"
 },
 {
- "unique_content_id": "a78d669563d95318535a18df275641d2",
+ "unique_content_id": "a1eb94a9234b06a7bc37d714496233e2",
 "aliases": [
 "CVE-2021-23840",
 "VC-OPENSSL-20210216-CVE-2021-23840"
@@ -648,7 +643,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840",
 "severities": [],
 "reference_id": "CVE-2021-23840"
 },
@@ -676,7 +671,7 @@
 "date_published": "2021-02-16T00:00:00+00:00"
 },
 {
- "unique_content_id": "6ab57301d2d9a90b2dbf8459d92c2122",
+ "unique_content_id": "879e976d13345716651026dcc09f6718",
 "aliases": [
 "CVE-2020-1971",
 "VC-OPENSSL-20201208-CVE-2020-1971"
@@ -710,7 +705,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971",
 "severities": [],
 "reference_id": "CVE-2020-1971"
 },
@@ -738,7 +733,7 @@
 "date_published": "2020-12-08T00:00:00+00:00"
 },
 {
- "unique_content_id": "397fec8fad3810942341fb48891435ef",
+ "unique_content_id": "7dcc6225be95f6df4ef356fd050def47",
 "aliases": [
 "CVE-2020-1968",
 "VC-OPENSSL-20200909-CVE-2020-1968"
@@ -760,7 +755,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968",
 "severities": [],
 "reference_id": "CVE-2020-1968"
 },
@@ -778,7 +773,7 @@
 "date_published": "2020-09-09T00:00:00+00:00"
 },
 {
- "unique_content_id": "04d208f2fd751ede98e1632ebe156ca1",
+ "unique_content_id": "495664aed314f22468782ba341c0e4b7",
 "aliases": [
 "CVE-2020-1967",
 "VC-OPENSSL-20200421-CVE-2020-1967"
@@ -800,7 +795,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967",
 "severities": [],
 "reference_id": "CVE-2020-1967"
 },
@@ -823,7 +818,7 @@
 "date_published": "2020-04-21T00:00:00+00:00"
 },
 {
- "unique_content_id": "b67153e2f865afc03baa6c81a14a6759",
+ "unique_content_id": "86be7ce8b4721b777ef32dd64df3edf4",
 "aliases": [
 "CVE-2019-1551",
 "VC-OPENSSL-20191206-CVE-2019-1551"
@@ -857,7 +852,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1551",
 "severities": [],
 "reference_id": "CVE-2019-1551"
 },
@@ -885,7 +880,7 @@
 "date_published": "2019-12-06T00:00:00+00:00"
 },
 {
- "unique_content_id": "befa373ba750119c5739c45c2f713f6e",
+ "unique_content_id": "1f0e667392222fc1f127592636e906fa",
 "aliases": [
 "CVE-2019-1547",
 "VC-OPENSSL-20190910-CVE-2019-1547"
@@ -931,7 +926,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547",
 "severities": [],
 "reference_id": "CVE-2019-1547"
 },
@@ -964,7 +959,7 @@
 "date_published": "2019-09-10T00:00:00+00:00"
 },
 {
- "unique_content_id": "e8d4f6a2b06cb2858cee415afb2537cd",
+ "unique_content_id": "7fadac522d658facb12f299bb48ba2ec",
 "aliases": [
 "CVE-2019-1549",
 "VC-OPENSSL-20190910-CVE-2019-1549"
@@ -986,7 +981,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549",
 "severities": [],
 "reference_id": "CVE-2019-1549"
 },
@@ -1009,7 +1004,7 @@
 "date_published": "2019-09-10T00:00:00+00:00"
 },
 {
- "unique_content_id": "0c282207273f23b93f4db5ddf8d5d939",
+ "unique_content_id": "5d70e446788723818dd00550d04e12ba",
 "aliases": [
 "CVE-2019-1563",
 "VC-OPENSSL-20190910-CVE-2019-1563"
@@ -1055,7 +1050,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563",
 "severities": [],
 "reference_id": "CVE-2019-1563"
 },
@@ -1088,7 +1083,7 @@
 "date_published": "2019-09-10T00:00:00+00:00"
 },
 {
- "unique_content_id": "6769b82494cbf31cc9f0e0d7f1ac7322",
+ "unique_content_id": "99942df08565fdb3248518baae83dd13",
 "aliases": [
 "CVE-2019-1552",
 "VC-OPENSSL-20190730-CVE-2019-1552"
@@ -1134,7 +1129,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1552",
 "severities": [],
 "reference_id": "CVE-2019-1552"
 },
@@ -1172,12 +1167,12 @@
 "date_published": "2019-07-30T00:00:00+00:00"
 },
 {
- "unique_content_id": "e68307a3457c2735f7e8cb6078fd7f56",
+ "unique_content_id": "3a7c4643755506fb7a1f5b64a111e894",
 "aliases": [
- "CVE-2002-0655",
- "VC-OPENSSL-20020730-CVE-2002-0655"
+ "CVE-2019-1543",
+ "VC-OPENSSL-20190306-CVE-2019-1543"
 ],
- "summary": "Inproper handling of ASCII representations of integers on 64 bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code.",
+ "summary": "ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. 
Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time.",
 "affected_packages": [
 {
 "package": {
@@ -1188,26 +1183,53 @@
 "namespace": null,
 "qualifiers": null
 },
- "fixed_version": "0.9.6e",
- "affected_version_range": "vers:openssl/0.9.6|0.9.6a|0.9.6b|0.9.6c|0.9.6d"
+ "fixed_version": "1.1.1c",
+ "affected_version_range": "vers:openssl/1.1.1|1.1.1a|1.1.1b"
+ },
+ {
+ "package": {
+ "name": "openssl",
+ "type": "openssl",
+ "subpath": null,
+ "version": null,
+ "namespace": null,
+ "qualifiers": null
+ },
+ "fixed_version": "1.1.0k",
+ "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c|1.1.0d|1.1.0e|1.1.0f|1.1.0g|1.1.0h|1.1.0i|1.1.0j"
 }
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1543",
 "severities": [],
- "reference_id": "CVE-2002-0655"
+ "reference_id": "CVE-2019-1543"
 },
 {
- "url": "https://www.openssl.org/news/secadv/20020730.txt",
+ "url": "https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3",
 "severities": [],
 "reference_id": ""
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/ee22257b1418438ebaf54df98af4e24f494d1809",
+ "severities": [],
+ "reference_id": ""
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20190306.txt",
+ "severities": [
+ {
+ "value": "Low",
+ "system": "generic_textual"
+ }
+ ],
+ "reference_id": ""
 }
 ],
- "date_published": "2002-07-30T00:00:00+00:00"
+ "date_published": "2019-03-06T00:00:00+00:00"
 },
 {
- "unique_content_id": "3dc8bd092524f84091ea30a773933559",
+ "unique_content_id": "c51e38c375d1211f3e69abe7b2c62f37",
 "aliases": [
 "CVE-2019-1559",
 "VC-OPENSSL-20190226-CVE-2019-1559"
@@ -1229,7 +1251,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
 "severities": [],
 "reference_id": "CVE-2019-1559"
 },
@@ -1252,7 +1274,7 @@
 "date_published": "2019-02-26T00:00:00+00:00"
 },
 {
- "unique_content_id": "6043976fd76f3c3fbab8d11740e5320b",
+ "unique_content_id": "97a3816c4c8f0bd0e607a4d8a79c5ae8",
 "aliases": [
 "CVE-2018-5407",
 "VC-OPENSSL-20181102-CVE-2018-5407"
@@ -1286,7 +1308,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
 "severities": [],
 "reference_id": "CVE-2018-5407"
 },
@@ -1314,7 +1336,7 @@
 "date_published": "2018-11-02T00:00:00+00:00"
 },
 {
- "unique_content_id": "4e616aaf6f91f3d184ca82746831746b",
+ "unique_content_id": "560c315c120edfe0bbd8c9146854a53f",
 "aliases": [
 "CVE-2018-0734",
 "VC-OPENSSL-20181030-CVE-2018-0734"
@@ -1360,7 +1382,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
 "severities": [],
 "reference_id": "CVE-2018-0734"
 },
@@ -1393,109 +1415,7 @@
 "date_published": "2018-10-30T00:00:00+00:00"
 },
 {
- "unique_content_id": "2778f55819a2d85d7257d9b3e1cd1647",
- "aliases": [
- "CVE-2018-0735",
- "VC-OPENSSL-20181029-CVE-2018-0735"
- ],
- "summary": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key.",
- "affected_packages": [
- {
- "package": {
- "name": "openssl",
- "type": "openssl",
- "subpath": null,
- "version": null,
- "namespace": null,
- "qualifiers": null
- },
- "fixed_version": "1.1.1a",
- "affected_version_range": "vers:openssl/1.1.1"
- },
- {
- "package": {
- "name": "openssl",
- "type": "openssl",
- "subpath": null,
- "version": null,
- "namespace": null,
- "qualifiers": null
- },
- "fixed_version": "1.1.0j",
- "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c|1.1.0d|1.1.0e|1.1.0f|1.1.0g|1.1.0h|1.1.0i"
- }
- ],
- "references": [
- {
- "url": "",
- "severities": [],
- "reference_id": "CVE-2018-0735"
- },
- {
- "url": "https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1",
- "severities": [],
- "reference_id": ""
- },
- {
- "url": "https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
- "severities": [],
- "reference_id": ""
- },
- {
- "url": "https://www.openssl.org/news/secadv/20181029.txt",
- "severities": [
- {
- "value": "Low",
- "system": "generic_textual"
- }
- ],
- "reference_id": ""
- }
- ],
- "date_published": "2018-10-29T00:00:00+00:00"
- },
- {
- "unique_content_id": "cc9ca7d343a80bedfcf50b4180c9491f",
- "aliases": [
- "CVE-2015-0208",
- "VC-OPENSSL-20150319-CVE-2015-0208"
- ],
- "summary": "Segmentation fault for invalid PSS parameters. The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. 
Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.",
- "affected_packages": [
- {
- "package": {
- "name": "openssl",
- "type": "openssl",
- "subpath": null,
- "version": null,
- "namespace": null,
- "qualifiers": null
- },
- "fixed_version": "1.0.2a",
- "affected_version_range": "vers:openssl/1.0.2"
- }
- ],
- "references": [
- {
- "url": "",
- "severities": [],
- "reference_id": "CVE-2015-0208"
- },
- {
- "url": "https://www.openssl.org/news/secadv/20150319.txt",
- "severities": [
- {
- "value": "Moderate",
- "system": "generic_textual"
- }
- ],
- "reference_id": ""
- }
- ],
- "date_published": "2015-03-19T00:00:00+00:00"
- },
- {
- "unique_content_id": "3ae08bd068f1f92706ab0e5c62d27ccb",
+ "unique_content_id": "1c0b39742398a6ee6180477140815f3c",
 "aliases": [
 "CVE-2018-0732",
 "VC-OPENSSL-20180612-CVE-2018-0732"
@@ -1529,7 +1449,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732",
 "severities": [],
 "reference_id": "CVE-2018-0732"
 },
@@ -1557,7 +1477,7 @@
 "date_published": "2018-06-12T00:00:00+00:00"
 },
 {
- "unique_content_id": "8746cb02bc012a1a479959dfa00299e4",
+ "unique_content_id": "c3f15a1b2a0994c4d94cdd590448502e",
 "aliases": [
 "CVE-2018-0737",
 "VC-OPENSSL-20180416-CVE-2018-0737"
@@ -1591,7 +1511,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
 "severities": [],
 "reference_id": "CVE-2018-0737"
 },
@@ -1619,7 +1539,7 @@
 "date_published": "2018-04-16T00:00:00+00:00"
 },
 {
- "unique_content_id": "becb654474180cf687f2cc40f1a60571",
+ "unique_content_id": "5d79faa4a5410c3b5668f2d394e84beb",
 "aliases": [
 "CVE-2018-0739",
 "VC-OPENSSL-20180327-CVE-2018-0739"
@@ -1653,7 +1573,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739",
 "severities": [],
 "reference_id": "CVE-2018-0739"
 },
@@ -1681,7 +1601,7 @@
 "date_published": "2018-03-27T00:00:00+00:00"
 },
 {
- "unique_content_id": "166142e3c0de0d6a86972dbddff1cb7e",
+ "unique_content_id": "511c78e495eb70feae6bf315b747e4f3",
 "aliases": [
 "CVE-2018-0733",
 "VC-OPENSSL-20180327-CVE-2018-0733"
@@ -1703,7 +1623,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0733",
 "severities": [],
 "reference_id": "CVE-2018-0733"
 },
@@ -1726,12 +1646,12 @@
 "date_published": "2018-03-27T00:00:00+00:00"
 },
 {
- "unique_content_id": "c437613c29f33c54845692004cf696be",
+ "unique_content_id": "2a318491d9833a368fd374f0cd6f3d30",
 "aliases": [
- "CVE-2017-3731",
- "VC-OPENSSL-20170126-CVE-2017-3731"
+ "CVE-2016-7053",
+ "VC-OPENSSL-20161110-CVE-2016-7053"
 ],
- "summary": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k",
+ "summary": "Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.",
 "affected_packages": [
 {
 "package": {
@@ -1742,40 +1662,23 @@
 "namespace": null,
 "qualifiers": null
 },
- "fixed_version": "1.1.0d",
- "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c"
- },
- {
- "package": {
- "name": "openssl",
- "type": "openssl",
- "subpath": null,
- "version": null,
- "namespace": null,
- "qualifiers": null
- },
- "fixed_version": "1.0.2k",
- "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j"
+ "fixed_version": "1.1.0c",
+ "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b"
 }
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7053",
 "severities": [],
- "reference_id": "CVE-2017-3731"
- },
- {
- "url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
- "severities": [],
- "reference_id": ""
+ "reference_id": "CVE-2016-7053"
 },
 {
- "url": "https://github.com/openssl/openssl/commit/51d009043670a627d6abe66894126851cf3690e9",
+ "url": "https://github.com/openssl/openssl/commit/610b66267e41a32805ab54cbc580c5a6d5826cb4",
 "severities": [],
 "reference_id": ""
 },
 {
- "url": "https://www.openssl.org/news/secadv/20170126.txt",
+ "url": "https://www.openssl.org/news/secadv/20161110.txt",
 "severities": [
 {
 "value": "Moderate",
@@ -1785,10 +1688,10 @@
 "reference_id": ""
 }
 ],
- "date_published": "2017-01-26T00:00:00+00:00"
+ "date_published": "2016-11-10T00:00:00+00:00"
 },
 {
- "unique_content_id": "4c0f526e018573f146e18792032e7731",
+ "unique_content_id": "c325238786ca680793125f8be9b90666",
 "aliases": [
 "CVE-2017-3737",
 "VC-OPENSSL-20171207-CVE-2017-3737"
@@ -1810,7 +1713,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737",
 "severities": [],
 "reference_id": "CVE-2017-3737"
 },
@@ -1833,7 +1736,7 @@
 "date_published": "2017-12-07T00:00:00+00:00"
 },
 {
- "unique_content_id": "8dc5963bb479faf3fbbe3a265c82dbd7",
+ "unique_content_id": "6b50c66357f3abbbe4ff41ad12791fd9",
 "aliases": [
 "CVE-2017-3738",
 "VC-OPENSSL-20171207-CVE-2017-3738"
@@ -1867,7 +1770,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738",
 "severities": [],
 "reference_id": "CVE-2017-3738"
 },
@@ -1895,7 +1798,7 @@
 "date_published": "2017-12-07T00:00:00+00:00"
 },
 {
- "unique_content_id": "660b98dea78fa816afeb0510b1674b8d",
+ "unique_content_id": "3fd442d507f8355357aed257f3be199d",
 "aliases": [
 "CVE-2017-3736",
 "VC-OPENSSL-20171102-CVE-2017-3736"
@@ -1929,7 +1832,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736",
 "severities": [],
 "reference_id": "CVE-2017-3736"
 },
@@ -1957,7 +1860,7 @@
 "date_published": "2017-11-02T00:00:00+00:00"
 },
 {
- "unique_content_id": "439dc90b66c00300ee51f815f56cf58b",
+ "unique_content_id": "88bc79e6adf5370cba696aa64de2abfb",
 "aliases": [
 "CVE-2017-3735",
 "VC-OPENSSL-20170828-CVE-2017-3735"
@@ -1991,7 +1894,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3735",
 "severities": [],
 "reference_id": "CVE-2017-3735"
 },
@@ -2019,7 +1922,7 @@
 "date_published": "2017-08-28T00:00:00+00:00"
 },
 {
- "unique_content_id": "23aaa6933cd1c96cf69d61ab658ffaa6",
+ "unique_content_id": "526e150a2c030026d5cf82c511df7592",
 "aliases": [
 "CVE-2017-3733",
 "VC-OPENSSL-20170216-CVE-2017-3733"
@@ -2041,7 +1944,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3733",
 "severities": [],
 "reference_id": "CVE-2017-3733"
 },
@@ -2064,12 +1967,12 @@
 "date_published": "2017-02-16T00:00:00+00:00"
 },
 {
- "unique_content_id": "88089ff7def753a03ec8930b65d3dc0b",
+ "unique_content_id": "ceedb280a4d99109a26884ac4ec190fd",
 "aliases": [
- "CVE-2017-3732",
- "VC-OPENSSL-20170126-CVE-2017-3732"
+ "CVE-2017-3731",
+ "VC-OPENSSL-20170126-CVE-2017-3731"
 ],
- "summary": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.",
+ "summary": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k",
 "affected_packages": [
 {
 "package": {
@@ -2098,17 +2001,17 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", "severities": [], - "reference_id": "CVE-2017-3732" + "reference_id": "CVE-2017-3731" }, { - "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", + "url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21", "severities": [], "reference_id": "" }, { - "url": "https://github.com/openssl/openssl/commit/760d04342a495ee86bf5adc71a91d126af64397f", + "url": "https://github.com/openssl/openssl/commit/51d009043670a627d6abe66894126851cf3690e9", "severities": [], "reference_id": "" }, 
@@ -2126,12 +2029,12 @@ "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "2e8af84caeea9566a87b8fa192c640c3", + "unique_content_id": "a0447ff218665545b036454e89ab3da8", "aliases": [ - "CVE-2016-2183", - "VC-OPENSSL-20160824-CVE-2016-2183" + "CVE-2017-3730", + "VC-OPENSSL-20170126-CVE-2017-3730" ], - "summary": "Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real concern. For example, with the ability to run Javascript in a browser, it is possible to send enough traffic to cause a collision, and then use that information to recover something like a session Cookie. Triple-DES, which shows up as \u201cDES-CBC3\u201d in an OpenSSL cipher string, is still used on the Web, and major browsers are not yet willing to completely disable it. If you run a server, you should disable triple-DES. This is generally a configuration issue. If you run an old server that doesn\u2019t support any better ciphers than DES or RC4, you should upgrade. For 1.0.2 and 1.0.1, we removed the triple-DES ciphers from the \u201cHIGH\u201d keyword and put them into \u201cMEDIUM.\u201d Note that we did not remove them from the \u201cDEFAULT\u201d keyword. For the 1.1.0 release, we treat triple-DES just like we are treating RC4. It is not compiled by default; you have to use \u201cenable-weak-ssl-ciphers\u201d as a config option. Even when those ciphers are compiled, triple-DES is only in the \u201cMEDIUM\u201d keyword. In addition we also removed it from the \u201cDEFAULT\u201d keyword.", + "summary": "If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.", "affected_packages": [ { "package": { 
@@ -2142,36 +2045,41 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.2i", - "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h" + "fixed_version": "1.1.0d", + "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3730", "severities": [], - "reference_id": "CVE-2016-2183" + "reference_id": "CVE-2017-3730" }, { - "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa", + "severities": [], + "reference_id": "" + }, + { + "url": "https://www.openssl.org/news/secadv/20170126.txt", "severities": [ { - "value": "Low", + "value": "Moderate", "system": "generic_textual" } ], "reference_id": "" } ], - "date_published": "2016-08-24T00:00:00+00:00" + "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "8ce482c788bb50eef1035dbcc656d937", + "unique_content_id": "706dd13f07097397f57b882c363f9119", "aliases": [ - "CVE-2016-7054", - "VC-OPENSSL-20161110-CVE-2016-7054" + "CVE-2017-3732", + "VC-OPENSSL-20170126-CVE-2017-3732" ], - "summary": "TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.", + "summary": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. 
The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", "affected_packages": [ { "package": { 
@@ -2182,41 +2090,98 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.1.0c", - "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b" + "fixed_version": "1.1.0d", + "affected_version_range": "vers:openssl/1.1.0|1.1.0a|1.1.0b|1.1.0c" + }, + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.2k", + "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", "severities": [], - "reference_id": "CVE-2016-7054" + "reference_id": "CVE-2017-3732" }, { - "url": "https://github.com/openssl/openssl/commit/99d97842ddb5fbbbfb5e9820a64ebd19afe569f6", + "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", "severities": [], "reference_id": "" }, { - "url": "https://www.openssl.org/news/secadv/20161110.txt", + "url": "https://github.com/openssl/openssl/commit/760d04342a495ee86bf5adc71a91d126af64397f", + "severities": [], + "reference_id": "" + }, + { + "url": "https://www.openssl.org/news/secadv/20170126.txt", "severities": [ { - "value": "High", + "value": "Moderate", "system": "generic_textual" } ], "reference_id": "" } ], - "date_published": "2016-11-10T00:00:00+00:00" + "date_published": "2017-01-26T00:00:00+00:00" }, { - "unique_content_id": "9cfaa6fbb478cdb827a9b78c3344d305", + "unique_content_id": "fe925b287358f673a6f05a7b1f1022ab", "aliases": [ - "CVE-2016-7053", - "VC-OPENSSL-20161110-CVE-2016-7053" + "CVE-2016-2183", + "VC-OPENSSL-20160824-CVE-2016-2183" ], - "summary": "Applications parsing invalid CMS structures can crash with a NULL pointer dereference. 
This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.", + "summary": "Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real concern. For example, with the ability to run Javascript in a browser, it is possible to send enough traffic to cause a collision, and then use that information to recover something like a session Cookie. Triple-DES, which shows up as \u201cDES-CBC3\u201d in an OpenSSL cipher string, is still used on the Web, and major browsers are not yet willing to completely disable it. If you run a server, you should disable triple-DES. This is generally a configuration issue. If you run an old server that doesn\u2019t support any better ciphers than DES or RC4, you should upgrade. For 1.0.2 and 1.0.1, we removed the triple-DES ciphers from the \u201cHIGH\u201d keyword and put them into \u201cMEDIUM.\u201d Note that we did not remove them from the \u201cDEFAULT\u201d keyword. For the 1.1.0 release, we treat triple-DES just like we are treating RC4. It is not compiled by default; you have to use \u201cenable-weak-ssl-ciphers\u201d as a config option. Even when those ciphers are compiled, triple-DES is only in the \u201cMEDIUM\u201d keyword. 
In addition we also removed it from the \u201cDEFAULT\u201d keyword.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.2i", + "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", + "severities": [], + "reference_id": "CVE-2016-2183" + }, + { + "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", + "severities": [ + { + "value": "Low", + "system": "generic_textual" + } + ], + "reference_id": "" + } + ], + "date_published": "2016-08-24T00:00:00+00:00" + }, + { + "unique_content_id": "030f10739bdaba22d1d6645e64f07517", + "aliases": [ + "CVE-2016-7054", + "VC-OPENSSL-20161110-CVE-2016-7054" + ], + "summary": "TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.", "affected_packages": [ { "package": { @@ -2233,12 +2198,12 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7054", "severities": [], - "reference_id": "CVE-2016-7053" + "reference_id": "CVE-2016-7054" }, { - "url": "https://github.com/openssl/openssl/commit/610b66267e41a32805ab54cbc580c5a6d5826cb4", + "url": "https://github.com/openssl/openssl/commit/99d97842ddb5fbbbfb5e9820a64ebd19afe569f6", "severities": [], "reference_id": "" }, @@ -2246,7 +2211,7 @@ "url": "https://www.openssl.org/news/secadv/20161110.txt", "severities": [ { - "value": "Moderate", + "value": "High", "system": "generic_textual" } ], 
@@ -2256,7 +2221,7 @@ "date_published": "2016-11-10T00:00:00+00:00" }, { - "unique_content_id": "4a1097065e20b88eb1a174b6bdb13147", + "unique_content_id": "3608a808a8a6b24e46ee057009635f06", "aliases": [ "CVE-2016-7055", "VC-OPENSSL-20161110-CVE-2016-7055" @@ -2290,7 +2255,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", "severities": [], "reference_id": "CVE-2016-7055" }, @@ -2318,7 +2283,7 @@ "date_published": "2016-11-10T00:00:00+00:00" }, { - "unique_content_id": "43f7b01b8e9d8aa963c87710003b9f29", + "unique_content_id": "7260960e07c3ddfdd75af49a326447b5", "aliases": [ "CVE-2016-6309", "VC-OPENSSL-20160926-CVE-2016-6309" @@ -2340,7 +2305,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6309", "severities": [], "reference_id": "CVE-2016-6309" }, @@ -2363,7 +2328,7 @@ "date_published": "2016-09-26T00:00:00+00:00" }, { - "unique_content_id": "a8d4aa2b239edd4b6813f888c8ae1ac3", + "unique_content_id": "c0e7321626534a262329d3c9d2ce395b", "aliases": [ "CVE-2016-7052", "VC-OPENSSL-20160926-CVE-2016-7052" @@ -2385,7 +2350,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7052", "severities": [], "reference_id": "CVE-2016-7052" }, @@ -2408,7 +2373,7 @@ "date_published": "2016-09-26T00:00:00+00:00" }, { - "unique_content_id": "fac58212f4d8c7153a317a4c340d8086", + "unique_content_id": "2aec13966ccec41c3e9b7654a382cdf5", "aliases": [ "CVE-2016-6304", "VC-OPENSSL-20160922-CVE-2016-6304" @@ -2454,7 +2419,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6304", "severities": [], "reference_id": "CVE-2016-6304" }, @@ -2487,7 +2452,7 @@ "date_published": "2016-09-22T00:00:00+00:00" }, { - "unique_content_id": "7428039ef1264a919b22cff5862746b2", + "unique_content_id": "9f60c84f86e5950759cfb1e4239dc8da", "aliases": [ "CVE-2016-6305", "VC-OPENSSL-20160922-CVE-2016-6305" 
@@ -2509,7 +2474,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6305", "severities": [], "reference_id": "CVE-2016-6305" }, @@ -2532,7 +2497,7 @@ "date_published": "2016-09-22T00:00:00+00:00" }, { - "unique_content_id": "17add5926c313d756cadd4a776b5685a", + "unique_content_id": "06439c697462c5961b77d77aa81ae32e", "aliases": [ "CVE-2016-6303", "VC-OPENSSL-20160824-CVE-2016-6303" @@ -2566,7 +2531,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6303", "severities": [], "reference_id": "CVE-2016-6303" }, @@ -2594,12 +2559,12 @@ "date_published": "2016-08-24T00:00:00+00:00" }, { - "unique_content_id": "dafd4ee958c2a7314511aa72715a0890", + "unique_content_id": "d4f9fae37ae59e002b9b8645640f2c92", "aliases": [ - "CVE-2002-0656", - "VC-OPENSSL-20020730-CVE-2002-0656" + "CVE-2016-6302", + "VC-OPENSSL-20160823-CVE-2016-6302" ], - "summary": "A buffer overflow allowed remote attackers to execute arbitrary code by sending a large client master key in SSL2 or a large session ID in SSL3.", + "summary": "If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.", "affected_packages": [ { "package": { 
@@ -2610,31 +2575,58 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "0.9.6e", - "affected_version_range": "vers:openssl/0.9.6|0.9.6a|0.9.6b|0.9.6c|0.9.6d" + "fixed_version": "1.0.1u", + "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i|1.0.1j|1.0.1k|1.0.1l|1.0.1m|1.0.1n|1.0.1o|1.0.1p|1.0.1q|1.0.1r|1.0.1s|1.0.1t" + }, + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.2i", + "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", "severities": [], - "reference_id": "CVE-2002-0656" + "reference_id": "CVE-2016-6302" }, { - "url": "https://www.openssl.org/news/secadv/20020730.txt", + "url": "https://github.com/openssl/openssl/commit/1bbe48ab149893a78bf99c8eb8895c928900a16f", "severities": [], "reference_id": "" + }, + { + "url": "https://github.com/openssl/openssl/commit/baaabfd8fdcec04a691695fad9a664bea43202b6", + "severities": [], + "reference_id": "" + }, + { + "url": "https://www.openssl.org/news/secadv/20160922.txt", + "severities": [ + { + "value": "Low", + "system": "generic_textual" + } + ], + "reference_id": "" } ], - "date_published": "2002-07-30T00:00:00+00:00" + "date_published": "2016-08-23T00:00:00+00:00" }, { - "unique_content_id": "c60fe36a86a5dff1a6c2432fbd812f92", + "unique_content_id": "9a6095f3c1e00841abe8214157684780", "aliases": [ - "CVE-2016-6302", - "VC-OPENSSL-20160823-CVE-2016-6302" + "CVE-2016-2182", + "VC-OPENSSL-20160816-CVE-2016-2182" ], - "summary": "If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. 
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.", + "summary": "The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.", "affected_packages": [ { "package": { @@ -2663,19 +2655,9 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", "severities": [], - "reference_id": "CVE-2016-6302" - }, - { - "url": "https://github.com/openssl/openssl/commit/1bbe48ab149893a78bf99c8eb8895c928900a16f", - "severities": [], - "reference_id": "" - }, - { - "url": "https://github.com/openssl/openssl/commit/baaabfd8fdcec04a691695fad9a664bea43202b6", - "severities": [], - "reference_id": "" + "reference_id": "CVE-2016-2182" }, { "url": "https://www.openssl.org/news/secadv/20160922.txt", 
@@ -2688,15 +2670,15 @@ "reference_id": "" } ], - "date_published": "2016-08-23T00:00:00+00:00" + "date_published": "2016-08-16T00:00:00+00:00" }, { - "unique_content_id": "0bb09454931ea2a318ca6acaec8b7318", + "unique_content_id": "5986971c9c473f1d3566a00414e0b9ca", "aliases": [ - "CVE-2016-2182", - "VC-OPENSSL-20160816-CVE-2016-2182" + "CVE-2016-2180", + "VC-OPENSSL-20160722-CVE-2016-2180" ], - "summary": "The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.", + "summary": "The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.", "affected_packages": [ { "package": { @@ -2725,9 +2707,9 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2180", "severities": [], - "reference_id": "CVE-2016-2182" + "reference_id": "CVE-2016-2180" }, { "url": "https://www.openssl.org/news/secadv/20160922.txt", 
@@ -2740,15 +2722,15 @@ "reference_id": "" } ], - "date_published": "2016-08-16T00:00:00+00:00" + "date_published": "2016-07-22T00:00:00+00:00" }, { - "unique_content_id": "d176ce66243cf39ca9f4e2e83f83c0e6", + "unique_content_id": "9ebc8678fd2c195b8484447652f18ad9", "aliases": [ - "CVE-2016-2180", - "VC-OPENSSL-20160722-CVE-2016-2180" + "CVE-2016-0705", + "VC-OPENSSL-20160301-CVE-2016-0705" ], - "summary": "The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.", + "summary": "A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare.", "affected_packages": [ { "package": { @@ -2759,8 +2741,8 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.1u", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i|1.0.1j|1.0.1k|1.0.1l|1.0.1m|1.0.1n|1.0.1o|1.0.1p|1.0.1q|1.0.1r|1.0.1s|1.0.1t" + "fixed_version": "1.0.1s", + "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i|1.0.1j|1.0.1k|1.0.1l|1.0.1m|1.0.1n|1.0.1o|1.0.1p|1.0.1q|1.0.1r" }, { "package": { 
@@ -2771,18 +2753,18 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.2i", - "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h" + "fixed_version": "1.0.2g", + "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0705", "severities": [], - "reference_id": "CVE-2016-2180" + "reference_id": "CVE-2016-0705" }, { - "url": "https://www.openssl.org/news/secadv/20160922.txt", + "url": "https://www.openssl.org/news/secadv/20160301.txt", "severities": [ { "value": "Low", @@ -2792,10 +2774,10 @@ "reference_id": "" } ], - "date_published": "2016-07-22T00:00:00+00:00" + "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "6f6b2333533ef051901ad93b99fd2666", + "unique_content_id": "500a5ad0983e23c65276ed2c79752320", "aliases": [ "CVE-2016-2177", "VC-OPENSSL-20160601-CVE-2016-2177" @@ -2829,7 +2811,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2177", "severities": [], "reference_id": "CVE-2016-2177" }, @@ -2847,7 +2829,7 @@ "date_published": "2016-06-01T00:00:00+00:00" }, { - "unique_content_id": "9d5c530e54e645162bc66cc05a0f93f2", + "unique_content_id": "8c53a0b019fbf0bcb4bcafc9dfab395b", "aliases": [ "CVE-2016-2178", "VC-OPENSSL-20160607-CVE-2016-2178" @@ -2881,7 +2863,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2178", "severities": [], "reference_id": "CVE-2016-2178" }, @@ -2899,7 +2881,7 @@ "date_published": "2016-06-07T00:00:00+00:00" }, { - "unique_content_id": "ff61a97582c458aeb4d5ce6ba69eb454", + "unique_content_id": "24b08c44925cb56c17de3217453060b4", "aliases": [ "CVE-2016-2179", "VC-OPENSSL-20160822-CVE-2016-2179" 
@@ -2933,7 +2915,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2179", "severities": [], "reference_id": "CVE-2016-2179" }, @@ -2961,7 +2943,7 @@ "date_published": "2016-08-22T00:00:00+00:00" }, { - "unique_content_id": "f027da2fa29b767604f2046279f89e08", + "unique_content_id": "13ac05f02e4c5a6ca138752d07b786ba", "aliases": [ "CVE-2016-2181", "VC-OPENSSL-20160819-CVE-2016-2181" @@ -2995,7 +2977,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2181", "severities": [], "reference_id": "CVE-2016-2181" }, @@ -3023,7 +3005,47 @@ "date_published": "2016-08-19T00:00:00+00:00" }, { - "unique_content_id": "cb0a57ed002a0268caeba68ec29b7341", + "unique_content_id": "eca7be74f0e34397e9947ccb3c908c84", + "aliases": [ + "CVE-2015-0291", + "VC-OPENSSL-20150319-CVE-2015-0291" + ], + "summary": "ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.2a", + "affected_version_range": "vers:openssl/1.0.2" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0291", + "severities": [], + "reference_id": "CVE-2015-0291" + }, + { + "url": "https://www.openssl.org/news/secadv/20150319.txt", + "severities": [ + { + "value": "High", + "system": "generic_textual" + } + ], + "reference_id": "" + } + ], + "date_published": "2015-03-19T00:00:00+00:00" + }, + { + "unique_content_id": "c9c1774d70e4979b79499ec6ff533f9a", "aliases": [ "CVE-2016-6306", "VC-OPENSSL-20160921-CVE-2016-6306" 
@@ -3057,7 +3079,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", "severities": [], "reference_id": "CVE-2016-6306" }, @@ -3085,7 +3107,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "1021ea947d23c9b346182ffe0e7e8935", + "unique_content_id": "2f3fe699489fab49fe5a6a4760205bf3", "aliases": [ "CVE-2016-6307", "VC-OPENSSL-20160921-CVE-2016-6307" @@ -3107,7 +3129,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6307", "severities": [], "reference_id": "CVE-2016-6307" }, @@ -3130,7 +3152,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "a15184c51054ffd945e384ff199de22b", + "unique_content_id": "4873b487950a0bb12e16171ef49a4d3c", "aliases": [ "CVE-2016-6308", "VC-OPENSSL-20160921-CVE-2016-6308" @@ -3152,7 +3174,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6308", "severities": [], "reference_id": "CVE-2016-6308" }, @@ -3175,7 +3197,7 @@ "date_published": "2016-09-21T00:00:00+00:00" }, { - "unique_content_id": "d52362295a0b773c5b373c954f27f8ca", + "unique_content_id": "bd5d8e4d20b7b4bee63e89fc6f72eed0", "aliases": [ "CVE-2016-2108", "VC-OPENSSL-20160503-CVE-2016-2108" @@ -3209,7 +3231,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2108", "severities": [], "reference_id": "CVE-2016-2108" }, @@ -3227,7 +3249,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "34bdfd887f81930873c551b1cd295f63", + "unique_content_id": "9ce420ee730c963d702844541a8114f7", "aliases": [ "CVE-2016-2107", "VC-OPENSSL-20160503-CVE-2016-2107" @@ -3261,7 +3283,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2107", "severities": [], "reference_id": "CVE-2016-2107" }, 
@@ -3284,7 +3306,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "ddaf99c1f36529276a3c73ed6ed1b97d", + "unique_content_id": "b6ddcacc7a2ddbd149943494239f9247", "aliases": [ "CVE-2016-2105", "VC-OPENSSL-20160503-CVE-2016-2105" @@ -3318,7 +3340,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2105", "severities": [], "reference_id": "CVE-2016-2105" }, @@ -3336,7 +3358,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "aa7b942e8e861d16ffe012d22c6953c4", + "unique_content_id": "781c7572161ca98b06d842d4f7b7b225", "aliases": [ "CVE-2016-2106", "VC-OPENSSL-20160503-CVE-2016-2106" @@ -3370,7 +3392,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2106", "severities": [], "reference_id": "CVE-2016-2106" }, @@ -3388,7 +3410,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "03333c3aec6b2bb53a1116a0e0ed20b1", + "unique_content_id": "1ced378b9cb095d0a76f3485e8316088", "aliases": [ "CVE-2016-2109", "VC-OPENSSL-20160503-CVE-2016-2109" @@ -3422,7 +3444,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2109", "severities": [], "reference_id": "CVE-2016-2109" }, @@ -3440,7 +3462,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "55bf0deaed35edf1fc6f49b8ef3cb5ff", + "unique_content_id": "9b9919e189c74dff3679b483dbff020c", "aliases": [ "CVE-2016-2176", "VC-OPENSSL-20160503-CVE-2016-2176" @@ -3474,7 +3496,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2176", "severities": [], "reference_id": "CVE-2016-2176" }, @@ -3492,7 +3514,7 @@ "date_published": "2016-05-03T00:00:00+00:00" }, { - "unique_content_id": "2e53757a450298cadcfcb1c5bce683c0", + "unique_content_id": "3506496e68899788f662b53b00128361", "aliases": [ "CVE-2016-0800", "VC-OPENSSL-20160301-CVE-2016-0800" 
@@ -3526,7 +3548,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0800", "severities": [], "reference_id": "CVE-2016-0800" }, 
@@ -3544,99 +3566,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "6e586ab0d93d78846b32f4f1b8e0ec7b", - "aliases": [ - "CVE-2016-0705", - "VC-OPENSSL-20160301-CVE-2016-0705" - ], - "summary": "A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.1s", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i|1.0.1j|1.0.1k|1.0.1l|1.0.1m|1.0.1n|1.0.1o|1.0.1p|1.0.1q|1.0.1r" - }, - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.2g", - "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2016-0705" - }, - { - "url": "https://www.openssl.org/news/secadv/20160301.txt", - "severities": [ - { - "value": "Low", - "system": "generic_textual" - } - ], - "reference_id": "" - } - ], - "date_published": "2016-03-01T00:00:00+00:00" - }, - { - "unique_content_id": "f5c33327718e57a47a0ebf688e327224", - "aliases": [ - "CVE-2015-0285", - "VC-OPENSSL-20150310-CVE-2015-0285" - ], - "summary": "Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. 
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.2a", - "affected_version_range": "vers:openssl/1.0.2" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2015-0285" - }, - { - "url": "https://www.openssl.org/news/secadv/20150319.txt", - "severities": [ - { - "value": "Low", - "system": "generic_textual" - } - ], - "reference_id": "" - } - ], - "date_published": "2015-03-10T00:00:00+00:00" - }, - { - "unique_content_id": "8c344debbfbad606a3b0c91e7ff135f6", + "unique_content_id": "64f9fb4fe274a7cc9baa68f4af887e48", "aliases": [ "CVE-2016-0798", "VC-OPENSSL-20160301-CVE-2016-0798" @@ -3670,7 +3600,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0798", "severities": [], "reference_id": "CVE-2016-0798" }, @@ -3688,7 +3618,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "778ae8aae8c7ec564f91a1d54b5bd22a", + "unique_content_id": "4122befa930618fe84e02259b2e79562", "aliases": [ "CVE-2016-0797", "VC-OPENSSL-20160301-CVE-2016-0797" @@ -3722,7 +3652,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0797", "severities": [], "reference_id": "CVE-2016-0797" }, @@ -3740,7 +3670,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "383a168d52072f9fb98f812e7919cce1", + "unique_content_id": "023db760fe535a1ea9f85b3938912aee", "aliases": [ "CVE-2016-0799", "VC-OPENSSL-20160301-CVE-2016-0799" @@ -3774,7 +3704,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0799", "severities": [], "reference_id": "CVE-2016-0799" }, 
@@ -3792,7 +3722,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "c2734beb3e0dedc37fd361bb0d888905", + "unique_content_id": "2101ddd07ece5883480bde27f4e0cf01", "aliases": [ "CVE-2016-0702", "VC-OPENSSL-20160301-CVE-2016-0702" @@ -3826,7 +3756,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0702", "severities": [], "reference_id": "CVE-2016-0702" }, @@ -3844,12 +3774,12 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "2d9ed1f424ee9296f6e456a78bee0223", + "unique_content_id": "1f2782accf0ef33eec7f7c21fe969938", "aliases": [ - "CVE-2014-3513", - "VC-OPENSSL-20141015-CVE-2014-3513" + "CVE-2008-0891", + "VC-OPENSSL-20080528-CVE-2008-0891" ], - "summary": "A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.", + "summary": "Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash.", "affected_packages": [ { "package": { 
@@ -3860,31 +3790,26 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.1j", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h|1.0.1i" + "fixed_version": "0.9.8h", + "affected_version_range": "vers:openssl/0.9.8f|0.9.8g" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0891", "severities": [], - "reference_id": "CVE-2014-3513" + "reference_id": "CVE-2008-0891" }, { - "url": "https://www.openssl.org/news/secadv/20141015.txt", - "severities": [ - { - "value": "High", - "system": "generic_textual" - } - ], + "url": "https://www.openssl.org/news/secadv/20080528.txt", + "severities": [], "reference_id": "" } ], - "date_published": "2014-10-15T00:00:00+00:00" + "date_published": "2008-05-28T00:00:00+00:00" }, { - "unique_content_id": "1de331b0ef2c5812dc3277fbfc017b8e", + "unique_content_id": "8267dd00782c5b19c9f234aa1e9a43f3", "aliases": [ "CVE-2016-0703", "VC-OPENSSL-20160301-CVE-2016-0703" @@ -3942,7 +3867,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0703", "severities": [], "reference_id": "CVE-2016-0703" }, @@ -3960,7 +3885,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "04b82aa8903f2067f6050781c81e65d6", + "unique_content_id": "28f16df4f3daa41f80ca706bb1da6207", "aliases": [ "CVE-2016-0704", "VC-OPENSSL-20160301-CVE-2016-0704" @@ -4018,7 +3943,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0704", "severities": [], "reference_id": "CVE-2016-0704" }, @@ -4036,7 +3961,7 @@ "date_published": "2016-03-01T00:00:00+00:00" }, { - "unique_content_id": "7ec5b2bb85ae1f4a52fb5ee6e0cc18ed", + "unique_content_id": "0777f77812eeceec0365835b4263657d", "aliases": [ "CVE-2016-0701", "VC-OPENSSL-20160128-CVE-2016-0701" 
@@ -4058,7 +3983,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0701", "severities": [], "reference_id": "CVE-2016-0701" }, @@ -4076,7 +4001,7 @@ "date_published": "2016-01-28T00:00:00+00:00" }, { - "unique_content_id": "05aedfa21726dd848553023ee1c8fb8f", + "unique_content_id": "fc2f742b725439e7be346bfe8d533551", "aliases": [ "CVE-2015-3197", "VC-OPENSSL-20160128-CVE-2015-3197" @@ -4110,7 +4035,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3197", "severities": [], "reference_id": "CVE-2015-3197" }, @@ -4128,7 +4053,7 @@ "date_published": "2016-01-28T00:00:00+00:00" }, { - "unique_content_id": "9e5932737ac5a27a586abec97aa311ec", + "unique_content_id": "23636fd7ee3e368036ebc3c5d9e72b1d", "aliases": [ "CVE-2015-1794", "VC-OPENSSL-20150811-CVE-2015-1794" @@ -4150,7 +4075,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1794", "severities": [], "reference_id": "CVE-2015-1794" }, @@ -4168,7 +4093,7 @@ "date_published": "2015-08-11T00:00:00+00:00" }, { - "unique_content_id": "0ddc28b4cb4fc0ed90e2eaaf4688b7de", + "unique_content_id": "75cfe7850195ebbca3bd42f987632dcd", "aliases": [ "CVE-2015-3193", "VC-OPENSSL-20151203-CVE-2015-3193" @@ -4190,7 +4115,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3193", "severities": [], "reference_id": "CVE-2015-3193" }, @@ -4208,7 +4133,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "75e732f747297656a2be8d59bf152227", + "unique_content_id": "cc51dac131bce0bd19788f2225869016", "aliases": [ "CVE-2015-3194", "VC-OPENSSL-20151203-CVE-2015-3194" @@ -4242,7 +4167,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3194", "severities": [], "reference_id": "CVE-2015-3194" }, 
@@ -4260,7 +4185,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "bac1fd17e89a2d02c774516e3446d733", + "unique_content_id": "692845da51eb8c47baa72c584f82d55d", "aliases": [ "CVE-2015-3195", "VC-OPENSSL-20151203-CVE-2015-3195" @@ -4318,7 +4243,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3195", "severities": [], "reference_id": "CVE-2015-3195" }, @@ -4336,7 +4261,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "7192d34ca33d47717b988a57bd1a2b20", + "unique_content_id": "cb41dd338eae6ef24d74b9880a71ab3c", "aliases": [ "CVE-2015-3196", "VC-OPENSSL-20151203-CVE-2015-3196" @@ -4382,7 +4307,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3196", "severities": [], "reference_id": "CVE-2015-3196" }, @@ -4400,7 +4325,7 @@ "date_published": "2015-12-03T00:00:00+00:00" }, { - "unique_content_id": "c0e783c4febf335ead951a13723dd869", + "unique_content_id": "626196998fcc82390de1c4f11bcb5c10", "aliases": [ "CVE-2015-1793", "VC-OPENSSL-20150709-CVE-2015-1793" @@ -4434,7 +4359,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793", "severities": [], "reference_id": "CVE-2015-1793" }, @@ -4452,7 +4377,7 @@ "date_published": "2015-07-09T00:00:00+00:00" }, { - "unique_content_id": "05f50ac85a801f5beefd07bfd4b15cfe", + "unique_content_id": "d4948addae4359ea3024e099c5a44471", "aliases": [ "CVE-2015-1788", "VC-OPENSSL-20150611-CVE-2015-1788" @@ -4510,7 +4435,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1788", "severities": [], "reference_id": "CVE-2015-1788" }, @@ -4528,7 +4453,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "7f24514f3c80746aa1c223e24ddacc47", + "unique_content_id": "6f019495566babdc220787d764ecfcb3", "aliases": [ "CVE-2015-1789", "VC-OPENSSL-20150611-CVE-2015-1789" 
@@ -4586,7 +4511,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789", "severities": [], "reference_id": "CVE-2015-1789" }, @@ -4604,7 +4529,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "5c2b973ba9b693ba66ffcf601e708414", + "unique_content_id": "de0847d5d8534a67402a297b4482b1bf", "aliases": [ "CVE-2015-1790", "VC-OPENSSL-20150611-CVE-2015-1790" @@ -4662,7 +4587,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1790", "severities": [], "reference_id": "CVE-2015-1790" }, @@ -4680,7 +4605,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "5d5b02c8edde1e5b3820831ded49d083", + "unique_content_id": "3590b88a90950e42228acf56eb865571", "aliases": [ "CVE-2015-1792", "VC-OPENSSL-20150611-CVE-2015-1792" @@ -4738,7 +4663,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1792", "severities": [], "reference_id": "CVE-2015-1792" }, @@ -4756,7 +4681,7 @@ "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "1f92ce539b73e409949c5727856349c0", + "unique_content_id": "49a4738b52d1c4bd20756d8ada536528", "aliases": [ "CVE-2015-1791", "VC-OPENSSL-20150602-CVE-2015-1791" @@ -4814,7 +4739,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1791", "severities": [], "reference_id": "CVE-2015-1791" }, 
@@ -4832,54 +4757,7 @@ "date_published": "2015-06-02T00:00:00+00:00" }, { - "unique_content_id": "274721f74ca5df57e1f430f40b40698c", - "aliases": [ - "CVE-2014-3509", - "VC-OPENSSL-20140806-CVE-2014-3509" - ], - "summary": "A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.0n", - "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e|1.0.0f|1.0.0g|1.0.0i|1.0.0j|1.0.0k|1.0.0l|1.0.0m" - }, - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.1i", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2014-3509" - }, - { - "url": "https://www.openssl.org/news/secadv/20140806.txt", - "severities": [], - "reference_id": "" - } - ], - "date_published": "2014-08-06T00:00:00+00:00" - }, - { - "unique_content_id": "ef95ca9d87da14e3dd6870da0348c98c", + "unique_content_id": "c2558909bddeaa670f89ebf69b7f8518", "aliases": [ "CVE-2014-8176", "VC-OPENSSL-20150611-CVE-2014-8176" 
@@ -4904,52 +4782,12 @@ "type": "openssl", "subpath": null, "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.0m", - "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e|1.0.0f|1.0.0g|1.0.0i|1.0.0j|1.0.0k|1.0.0l" - }, - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.1h", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2014-8176" - }, - { - "url": "https://www.openssl.org/news/secadv/20150611.txt", - "severities": [ - { - "value": "Moderate", - "system": "generic_textual" - } - ], - "reference_id": "" - } - ], - "date_published": "2015-06-11T00:00:00+00:00" - }, - { - "unique_content_id": "76f13cccf843e476e1514dbd7581f128", - "aliases": [ - "CVE-2015-0291", - "VC-OPENSSL-20150319-CVE-2015-0291" - ], - "summary": "ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.", - "affected_packages": [ + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.0m", + "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e|1.0.0f|1.0.0g|1.0.0i|1.0.0j|1.0.0k|1.0.0l" + }, { "package": { "name": "openssl", 
@@ -4959,31 +4797,31 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.2a", - "affected_version_range": "vers:openssl/1.0.2" + "fixed_version": "1.0.1h", + "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8176", "severities": [], - "reference_id": "CVE-2015-0291" + "reference_id": "CVE-2014-8176" }, { - "url": "https://www.openssl.org/news/secadv/20150319.txt", + "url": "https://www.openssl.org/news/secadv/20150611.txt", "severities": [ { - "value": "High", + "value": "Moderate", "system": "generic_textual" } ], "reference_id": "" } ], - "date_published": "2015-03-19T00:00:00+00:00" + "date_published": "2015-06-11T00:00:00+00:00" }, { - "unique_content_id": "b69cac47f8b686635a7fa8a686f04fc7", + "unique_content_id": "fb42200139181c92c8131fad25bb89d9", "aliases": [ "CVE-2015-0290", "VC-OPENSSL-20150319-CVE-2015-0290" @@ -5005,7 +4843,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0290", "severities": [], "reference_id": "CVE-2015-0290" }, @@ -5023,7 +4861,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "3259ceca9758ca4badef1d0e82361d3c", + "unique_content_id": "2da340f13e79053e9d7cbb28e21f8cdd", "aliases": [ "CVE-2015-0207", "VC-OPENSSL-20150319-CVE-2015-0207" @@ -5045,7 +4883,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0207", "severities": [], "reference_id": "CVE-2015-0207" }, @@ -5063,7 +4901,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "ffec773a3e0d112e090fbdd7108cd5a3", + "unique_content_id": "e0f46c4ed3ca54619ea97de2337d0b06", "aliases": [ "CVE-2015-0286", "VC-OPENSSL-20150319-CVE-2015-0286" @@ -5121,7 +4959,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286", "severities": [], "reference_id": "CVE-2015-0286" }, 
@@ -5139,12 +4977,12 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "48340168620a45649e2fe8ea1e056cb1", + "unique_content_id": "c82e34960bf52e30bf11b64c33212e77", "aliases": [ - "CVE-2014-3512", - "VC-OPENSSL-20140806-CVE-2014-3512" + "CVE-2015-0208", + "VC-OPENSSL-20150319-CVE-2015-0208" ], - "summary": "A SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.", + "summary": "Segmentation fault for invalid PSS parameters. The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.", "affected_packages": [ { "package": { 
@@ -5155,26 +4993,31 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "1.0.1i", - "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h" + "fixed_version": "1.0.2a", + "affected_version_range": "vers:openssl/1.0.2" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0208", "severities": [], - "reference_id": "CVE-2014-3512" + "reference_id": "CVE-2015-0208" }, { - "url": "https://www.openssl.org/news/secadv/20140806.txt", - "severities": [], + "url": "https://www.openssl.org/news/secadv/20150319.txt", + "severities": [ + { + "value": "Moderate", + "system": "generic_textual" + } + ], "reference_id": "" } ], - "date_published": "2014-08-06T00:00:00+00:00" + "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "175d6adec90fb6214db3d4157f75cad2", + "unique_content_id": "c1f153eae7cc1ab2e5d45ef9037c8483", "aliases": [ "CVE-2015-0287", "VC-OPENSSL-20150319-CVE-2015-0287" @@ -5232,7 +5075,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0287", "severities": [], "reference_id": "CVE-2015-0287" }, @@ -5250,7 +5093,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "6ca721db913d0215b4aecee96a7f504a", + "unique_content_id": "c787e9ff542dedc708146af7d513f4e5", "aliases": [ "CVE-2015-0289", "VC-OPENSSL-20150319-CVE-2015-0289" @@ -5308,7 +5151,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0289", "severities": [], "reference_id": "CVE-2015-0289" }, @@ -5326,7 +5169,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "8a82575903703c20becc311354ee085a", + "unique_content_id": "610d1a3f4fe1f3152f3367e7f7977f2d", "aliases": [ "CVE-2015-0292", "VC-OPENSSL-20150319-CVE-2015-0292" 
@@ -5372,7 +5215,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0292", "severities": [], "reference_id": "CVE-2015-0292" }, @@ -5390,7 +5233,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "37ed2ee19af68852a20b62e9b39cff7b", + "unique_content_id": "53a9c388a3babc9137c9f8d5c16aa6b3", "aliases": [ "CVE-2015-0293", "VC-OPENSSL-20150319-CVE-2015-0293" @@ -5448,7 +5291,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0293", "severities": [], "reference_id": "CVE-2015-0293" }, @@ -5466,7 +5309,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "f1dd156c02110495e44d36ed71d274ce", + "unique_content_id": "43d97ddde2a3d7d04680811dc912789b", "aliases": [ "CVE-2015-1787", "VC-OPENSSL-20150319-CVE-2015-1787" @@ -5488,7 +5331,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1787", "severities": [], "reference_id": "CVE-2015-1787" }, 
@@ -5506,7 +5349,47 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "5e151d91636c003d1ce99a4463374d81", + "unique_content_id": "ef26fee8241abc7d63cf6a6c31f37227", + "aliases": [ + "CVE-2015-0285", + "VC-OPENSSL-20150310-CVE-2015-0285" + ], + "summary": "Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.2a", + "affected_version_range": "vers:openssl/1.0.2" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0285", + "severities": [], + "reference_id": "CVE-2015-0285" + }, + { + "url": "https://www.openssl.org/news/secadv/20150319.txt", + "severities": [ + { + "value": "Low", + "system": "generic_textual" + } + ], + "reference_id": "" + } + ], + "date_published": "2015-03-10T00:00:00+00:00" + }, + { + "unique_content_id": "9286c4accc636bb2d3be1b468b3cace4", "aliases": [ "CVE-2015-0209", "VC-OPENSSL-20150319-CVE-2015-0209" @@ -5564,7 +5447,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0209", "severities": [], "reference_id": "CVE-2015-0209" }, @@ -5582,7 +5465,7 @@ "date_published": "2015-03-19T00:00:00+00:00" }, { - "unique_content_id": "6e4aaa0dbde11b7cca17298671414987", + "unique_content_id": "47c67a4346cae9669fe347406c95c431", "aliases": [ "CVE-2015-0288", "VC-OPENSSL-20150302-CVE-2015-0288" @@ -5640,7 +5523,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288", "severities": [], "reference_id": "CVE-2015-0288" }, 
@@ -5658,7 +5541,7 @@ "date_published": "2015-03-02T00:00:00+00:00" }, { - "unique_content_id": "479496f10a81f2fc3be767cb2adc8661", + "unique_content_id": "1684c4ac6d329374b3be002ae1d092e2", "aliases": [ "CVE-2015-0206", "VC-OPENSSL-20150108-CVE-2015-0206" @@ -5692,7 +5575,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206", "severities": [], "reference_id": "CVE-2015-0206" }, @@ -5710,7 +5593,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "847a35091e0be4fed29e716a7610e17c", + "unique_content_id": "b1da1cde21ecd834f84496c1980c6c2a", "aliases": [ "CVE-2014-3569", "VC-OPENSSL-20141021-CVE-2014-3569" @@ -5756,7 +5639,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569", "severities": [], "reference_id": "CVE-2014-3569" }, @@ -5774,7 +5657,7 @@ "date_published": "2014-10-21T00:00:00+00:00" }, { - "unique_content_id": "52057c57a27f73a5d98b5a7766a9c40e", + "unique_content_id": "fcaff5e260e813572bfc67ff2a304d25", "aliases": [ "CVE-2014-3572", "VC-OPENSSL-20150105-CVE-2014-3572" @@ -5820,7 +5703,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572", "severities": [], "reference_id": "CVE-2014-3572" }, @@ -5838,7 +5721,7 @@ "date_published": "2015-01-05T00:00:00+00:00" }, { - "unique_content_id": "17b5827e958fcb86bdeb838be5bcdf95", + "unique_content_id": "0e127de6fafb7d7e261db49417760ba9", "aliases": [ "CVE-2014-3571", "VC-OPENSSL-20150105-CVE-2014-3571" @@ -5884,7 +5767,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571", "severities": [], "reference_id": "CVE-2014-3571" }, @@ -5902,7 +5785,7 @@ "date_published": "2015-01-05T00:00:00+00:00" }, { - "unique_content_id": "fdad81b8715a7e629d2fcbe7d24e44d5", + "unique_content_id": "6a6be6bf98981fe79b516cab4ffdbbce", "aliases": [ "CVE-2015-0204", "VC-OPENSSL-20150106-CVE-2015-0204" 
@@ -5948,7 +5831,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204", "severities": [], "reference_id": "CVE-2015-0204" }, @@ -5966,7 +5849,7 @@ "date_published": "2015-01-06T00:00:00+00:00" }, { - "unique_content_id": "2ec692ce624217781b5e523fe47820d2", + "unique_content_id": "b0ae7519b7208e9e1445a93f09837e72", "aliases": [ "CVE-2015-0205", "VC-OPENSSL-20150108-CVE-2015-0205" @@ -6000,7 +5883,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205", "severities": [], "reference_id": "CVE-2015-0205" }, @@ -6018,7 +5901,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "6513261e532a23aa1b52f8893f068b13", + "unique_content_id": "065f44427e0d663d8234e64bf1843fdd", "aliases": [ "CVE-2014-8275", "VC-OPENSSL-20150105-CVE-2014-8275" @@ -6064,7 +5947,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275", "severities": [], "reference_id": "CVE-2014-8275" }, @@ -6082,7 +5965,7 @@ "date_published": "2015-01-05T00:00:00+00:00" }, { - "unique_content_id": "ae68769583c8c1fe7393058e48a63417", + "unique_content_id": "0a41661f218f8317d4028d11a2423cac", "aliases": [ "CVE-2014-3570", "VC-OPENSSL-20150108-CVE-2014-3570" @@ -6128,7 +6011,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570", "severities": [], "reference_id": "CVE-2014-3570" }, @@ -6146,7 +6029,7 @@ "date_published": "2015-01-08T00:00:00+00:00" }, { - "unique_content_id": "9c0e33231c6b1e2c759d4c591a766b59", + "unique_content_id": "0dbc354e8b6ffda1dc282284dc7ca66e", "aliases": [ "CVE-2014-3567", "VC-OPENSSL-20141015-CVE-2014-3567" @@ -6192,7 +6075,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3567", "severities": [], "reference_id": "CVE-2014-3567" }, 
@@ -6257,7 +6140,7 @@ "date_published": "2014-10-15T00:00:00+00:00" }, { - "unique_content_id": "29b5036458d0d90bf3a5a7e57cd7b3d1", + "unique_content_id": "f361c3818d069effcb24f21fcd72db85", "aliases": [ "CVE-2014-3568", "VC-OPENSSL-20141015-CVE-2014-3568" @@ -6303,7 +6186,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3568", "severities": [], "reference_id": "CVE-2014-3568" }, @@ -6321,7 +6204,7 @@ "date_published": "2014-10-15T00:00:00+00:00" }, { - "unique_content_id": "a9cb75fdf1a17102554568040d681fae", + "unique_content_id": "3c0bc908a2f8b2ec18eabf6b12757586", "aliases": [ "CVE-2014-3508", "VC-OPENSSL-20140806-CVE-2014-3508" @@ -6367,7 +6250,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3508", "severities": [], "reference_id": "CVE-2014-3508" }, @@ -6380,7 +6263,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "69d36d4b0dd93b11efe05b664b305d03", + "unique_content_id": "556ac77a9be9aa218ddaa6bafb6c3ef1", "aliases": [ "CVE-2014-5139", "VC-OPENSSL-20140806-CVE-2014-5139" @@ -6402,7 +6285,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5139", "severities": [], "reference_id": "CVE-2014-5139" }, 
@@ -6415,7 +6298,54 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "05710e7ee85dd368861ee43b6081f746", + "unique_content_id": "cc4b40b103fcbee25daf28d68cfc0f96", + "aliases": [ + "CVE-2014-3509", + "VC-OPENSSL-20140806-CVE-2014-3509" + ], + "summary": "A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.0n", + "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e|1.0.0f|1.0.0g|1.0.0i|1.0.0j|1.0.0k|1.0.0l|1.0.0m" + }, + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.1i", + "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3509", + "severities": [], + "reference_id": "CVE-2014-3509" + }, + { + "url": "https://www.openssl.org/news/secadv/20140806.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2014-08-06T00:00:00+00:00" + }, + { + "unique_content_id": "ddb7ca3a4fe071c0b0e2bce9159e80a9", "aliases": [ "CVE-2014-3505", "VC-OPENSSL-20140806-CVE-2014-3505" @@ -6461,7 +6391,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3505", "severities": [], "reference_id": "CVE-2014-3505" }, 
@@ -6474,7 +6404,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "1a565fd1b673f324f74b5bae1b174fff", + "unique_content_id": "9a0cc7af593e54b92b6972add5003c70", "aliases": [ "CVE-2014-3506", "VC-OPENSSL-20140806-CVE-2014-3506" @@ -6520,7 +6450,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3506", "severities": [], "reference_id": "CVE-2014-3506" }, @@ -6533,7 +6463,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "976e5267eddd767832cb276041535588", + "unique_content_id": "3f2bdad8de4efd2e68f4bf04d8cb7038", "aliases": [ "CVE-2014-3507", "VC-OPENSSL-20140806-CVE-2014-3507" @@ -6579,7 +6509,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3507", "severities": [], "reference_id": "CVE-2014-3507" }, @@ -6592,7 +6522,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "5e2c2077ac3950a6c43e43aa7677b09e", + "unique_content_id": "f2c41d8c1f22980784c20b489c539cfb", "aliases": [ "CVE-2014-3510", "VC-OPENSSL-20140806-CVE-2014-3510" @@ -6638,7 +6568,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3510", "severities": [], "reference_id": "CVE-2014-3510" }, @@ -6651,7 +6581,7 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "e19b7e1c1c914be3befa3b776f835a78", + "unique_content_id": "9538bc3461d96c2b21db3c1fac24baa1", "aliases": [ "CVE-2014-3511", "VC-OPENSSL-20140806-CVE-2014-3511" @@ -6673,7 +6603,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3511", "severities": [], "reference_id": "CVE-2014-3511" }, 
@@ -6686,7 +6616,112 @@ "date_published": "2014-08-06T00:00:00+00:00" }, { - "unique_content_id": "987884e146e1efc5c9d628dc8fa0429f", + "unique_content_id": "69b45e7fa2c0b4fb073a8b82849decbd", + "aliases": [ + "CVE-2014-3512", + "VC-OPENSSL-20140806-CVE-2014-3512" + ], + "summary": "A SRP buffer overrun was found. A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.1i", + "affected_version_range": "vers:openssl/1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.1g|1.0.1h" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3512", + "severities": [], + "reference_id": "CVE-2014-3512" + }, + { + "url": "https://www.openssl.org/news/secadv/20140806.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2014-08-06T00:00:00+00:00" + }, + { + "unique_content_id": "2ec1914c66b9d7965fca6a0e0bf6c0ec", + "aliases": [ + "CVE-2002-0655", + "VC-OPENSSL-20020730-CVE-2002-0655" + ], + "summary": "Inproper handling of ASCII representations of integers on 64 bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "0.9.6e", + "affected_version_range": "vers:openssl/0.9.6|0.9.6a|0.9.6b|0.9.6c|0.9.6d" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0655", + "severities": [], + "reference_id": "CVE-2002-0655" + }, + { + "url": "https://www.openssl.org/news/secadv/20020730.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": 
"2002-07-30T00:00:00+00:00" + }, + { + "unique_content_id": "25d5f2c0daeaee15470dfefa43708d73", + "aliases": [ + "CVE-2002-0656", + "VC-OPENSSL-20020730-CVE-2002-0656" + ], + "summary": "A buffer overflow allowed remote attackers to execute arbitrary code by sending a large client master key in SSL2 or a large session ID in SSL3.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "0.9.6e", + "affected_version_range": "vers:openssl/0.9.6|0.9.6a|0.9.6b|0.9.6c|0.9.6d" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0656", + "severities": [], + "reference_id": "CVE-2002-0656" + }, + { + "url": "https://www.openssl.org/news/secadv/20020730.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2002-07-30T00:00:00+00:00" + }, + { + "unique_content_id": "c98c11a31d0c05afb57039eac59ae4b1", "aliases": [ "CVE-2002-0657", "VC-OPENSSL-20020730-CVE-2002-0657" @@ -6708,7 +6743,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0657", "severities": [], "reference_id": "CVE-2002-0657" }, @@ -6721,7 +6756,7 @@ "date_published": "2002-07-30T00:00:00+00:00" }, { - "unique_content_id": "0caaff01e703b6a80f8248d42ba9027d", + "unique_content_id": "cb80d3d5cbb3cecb0f4a3288931c2ed3", "aliases": [ "CVE-2002-0659", "VC-OPENSSL-20020730-CVE-2002-0659" @@ -6743,7 +6778,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0659", "severities": [], "reference_id": "CVE-2002-0659" }, @@ -6756,7 +6791,7 @@ "date_published": "2002-07-30T00:00:00+00:00" }, { - "unique_content_id": "95d735c8a23ec9de4c18ff629f88d6de", + "unique_content_id": "e030092a3a2d0cce363e5f70220b78dd", "aliases": [ "CVE-2002-1568", "VC-OPENSSL-20020808-CVE-2002-1568" 
@@ -6778,7 +6813,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1568", "severities": [], "reference_id": "CVE-2002-1568" }, @@ -6791,7 +6826,7 @@ "date_published": "2002-08-08T00:00:00+00:00" }, { - "unique_content_id": "07b6f9551593b12b3be88cb250d85002", + "unique_content_id": "73a5c0c4082149dea0cc58110cce5240", "aliases": [ "CVE-2003-0078", "VC-OPENSSL-20030219-CVE-2003-0078" @@ -6825,7 +6860,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0078", "severities": [], "reference_id": "CVE-2003-0078" }, @@ -6838,7 +6873,7 @@ "date_published": "2003-02-19T00:00:00+00:00" }, { - "unique_content_id": "ceae0dd8e9a2dd706c486f1fa89e97b8", + "unique_content_id": "55cc2fb9b51cb4777fe7ea4b98a45853", "aliases": [ "CVE-2003-0131", "VC-OPENSSL-20030319-CVE-2003-0131" @@ -6872,7 +6907,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0131", "severities": [], "reference_id": "CVE-2003-0131" }, @@ -6885,7 +6920,7 @@ "date_published": "2003-03-19T00:00:00+00:00" }, { - "unique_content_id": "84eb24a738ec971aa24ac40769fe1235", + "unique_content_id": "63a8a6e8a2dbde22c68815ec8fa6e1b5", "aliases": [ "CVE-2003-0147", "VC-OPENSSL-20030314-CVE-2003-0147" @@ -6919,7 +6954,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0147", "severities": [], "reference_id": "CVE-2003-0147" }, @@ -6932,7 +6967,7 @@ "date_published": "2003-03-14T00:00:00+00:00" }, { - "unique_content_id": "c875e2f8b6f824fd58fb32583f627735", + "unique_content_id": "aebb33e7fbb490eac9a8a617fc0d7ca3", "aliases": [ "CVE-2003-0543", "VC-OPENSSL-20030930-CVE-2003-0543" @@ -6966,7 +7001,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543", "severities": [], "reference_id": "CVE-2003-0543" }, 
@@ -6979,7 +7014,7 @@ "date_published": "2003-09-30T00:00:00+00:00" }, { - "unique_content_id": "aaa14f58f8ad2c60769d673bc682b039", + "unique_content_id": "b00ab5e0ca915c6c9b2663a0ee19e472", "aliases": [ "CVE-2003-0544", "VC-OPENSSL-20030930-CVE-2003-0544" @@ -7013,7 +7048,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544", "severities": [], "reference_id": "CVE-2003-0544" }, @@ -7026,7 +7061,7 @@ "date_published": "2003-09-30T00:00:00+00:00" }, { - "unique_content_id": "24cc1ac2523e533661a6d24be2eb404e", + "unique_content_id": "9ae2c602beabf73d535f1933f2bdee91", "aliases": [ "CVE-2003-0545", "VC-OPENSSL-20030930-CVE-2003-0545" @@ -7048,7 +7083,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545", "severities": [], "reference_id": "CVE-2003-0545" }, 
@@ -7061,12 +7096,47 @@ "date_published": "2003-09-30T00:00:00+00:00" }, { - "unique_content_id": "cc881a10ae13a1ff1e22d4e3773f029c", + "unique_content_id": "b9dbe99eb99cff6623b2f07bda3db3e1", + "aliases": [ + "CVE-2003-0851", + "VC-OPENSSL-20031104-CVE-2003-0851" + ], + "summary": "A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "0.9.6l", + "affected_version_range": "vers:openssl/0.9.6k" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851", + "severities": [], + "reference_id": "CVE-2003-0851" + }, + { + "url": "https://www.openssl.org/news/secadv/20031104.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2003-11-04T00:00:00+00:00" + }, + { + "unique_content_id": "b1b17735ced56629f76d4ad4156b9bce", "aliases": [ - "CVE-2003-0851", - "VC-OPENSSL-20031104-CVE-2003-0851" + "CVE-2008-1672", + "VC-OPENSSL-20080528-CVE-2008-1672" ], - "summary": "A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. 
This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.", + "summary": "Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.", "affected_packages": [ { "package": { @@ -7077,26 +7147,26 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "0.9.6l", - "affected_version_range": "vers:openssl/0.9.6k" + "fixed_version": "0.9.8h", + "affected_version_range": "vers:openssl/0.9.8f|0.9.8g" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1672", "severities": [], - "reference_id": "CVE-2003-0851" + "reference_id": "CVE-2008-1672" }, { - "url": "https://www.openssl.org/news/secadv/20031104.txt", + "url": "https://www.openssl.org/news/secadv/20080528.txt", "severities": [], "reference_id": "" } ], - "date_published": "2003-11-04T00:00:00+00:00" + "date_published": "2008-05-28T00:00:00+00:00" }, { - "unique_content_id": "91ff7bb16c2f27d42964ac65dc2c52c5", + "unique_content_id": "0399fccd94425e8afdd33ffc49edcf87", "aliases": [ "CVE-2004-0079", "VC-OPENSSL-20040317-CVE-2004-0079" @@ -7130,7 +7200,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079", "severities": [], "reference_id": "CVE-2004-0079" }, @@ -7143,7 +7213,7 @@ "date_published": "2004-03-17T00:00:00+00:00" }, { - "unique_content_id": "e935cd1002752dee83817e58ef29c3aa", + "unique_content_id": "04baadb0909239aa63250f8148b840e4", "aliases": [ "CVE-2004-0081", "VC-OPENSSL-20040317-CVE-2004-0081" @@ -7165,7 +7235,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081", "severities": [], "reference_id": "CVE-2004-0081" }, 
@@ -7178,7 +7248,7 @@ "date_published": "2004-03-17T00:00:00+00:00" }, { - "unique_content_id": "0ad6a0f7465ee77094a891482ee522a9", + "unique_content_id": "e11001942f7918509fd2391a2595d3c8", "aliases": [ "CVE-2004-0112", "VC-OPENSSL-20040317-CVE-2004-0112" @@ -7200,7 +7270,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0112", "severities": [], "reference_id": "CVE-2004-0112" }, @@ -7213,7 +7283,7 @@ "date_published": "2004-03-17T00:00:00+00:00" }, { - "unique_content_id": "3be7544c956ac0e8651e0147ddb1c075", + "unique_content_id": "fa1f3146fe26d34512d73ade9810b151", "aliases": [ "CVE-2004-0975", "VC-OPENSSL-20040930-CVE-2004-0975" @@ -7247,7 +7317,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0975", "severities": [], "reference_id": "CVE-2004-0975" }, @@ -7260,7 +7330,7 @@ "date_published": "2004-09-30T00:00:00+00:00" }, { - "unique_content_id": "f847d2a743a6683e5cdcf5fbb8d4823d", + "unique_content_id": "6d92ea5ca68aae26e71ee69b0343b3a5", "aliases": [ "CVE-2005-2969", "VC-OPENSSL-20051011-CVE-2005-2969" @@ -7306,7 +7376,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2969", "severities": [], "reference_id": "CVE-2005-2969" }, @@ -7319,7 +7389,7 @@ "date_published": "2005-10-11T00:00:00+00:00" }, { - "unique_content_id": "4399bc9181658284871f6baf5f69bf4f", + "unique_content_id": "6213f8e51cb9850bd2d59065aecdf0cd", "aliases": [ "CVE-2006-4339", "VC-OPENSSL-20060905-CVE-2006-4339" @@ -7365,7 +7435,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4339", "severities": [], "reference_id": "CVE-2006-4339" }, @@ -7378,7 +7448,7 @@ "date_published": "2006-09-05T00:00:00+00:00" }, { - "unique_content_id": "eb1861b08bd557513ad6e83d06fc1442", + "unique_content_id": "69a5e64b56819419f55c40d5db981710", "aliases": [ "CVE-2006-2937", "VC-OPENSSL-20060928-CVE-2006-2937" 
@@ -7412,7 +7482,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2937", "severities": [], "reference_id": "CVE-2006-2937" }, @@ -7425,7 +7495,7 @@ "date_published": "2006-09-28T00:00:00+00:00" }, { - "unique_content_id": "a54be6c6acd66f3ef925a026cfea7fde", + "unique_content_id": "12536462776dc0fec2a706166cccb41f", "aliases": [ "CVE-2006-2940", "VC-OPENSSL-20060928-CVE-2006-2940" @@ -7471,7 +7541,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2940", "severities": [], "reference_id": "CVE-2006-2940" }, @@ -7484,7 +7554,7 @@ "date_published": "2006-09-28T00:00:00+00:00" }, { - "unique_content_id": "54333baf8e403d1795811ae03f3301a5", + "unique_content_id": "5a1555075a1a07181596e9ee755176d2", "aliases": [ "CVE-2006-3738", "VC-OPENSSL-20060928-CVE-2006-3738" @@ -7530,7 +7600,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3738", "severities": [], "reference_id": "CVE-2006-3738" }, 
@@ -7543,42 +7613,7 @@ "date_published": "2006-09-28T00:00:00+00:00" }, { - "unique_content_id": "097048c0aea56deb32d2ec3342d5a6ee", - "aliases": [ - "CVE-2009-0591", - "VC-OPENSSL-20090325-CVE-2009-0591" - ], - "summary": "The function CMS_verify() does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "0.9.8k", - "affected_version_range": "vers:openssl/0.9.8h|0.9.8i|0.9.8j" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2009-0591" - }, - { - "url": "https://www.openssl.org/news/secadv/20090325.txt", - "severities": [], - "reference_id": "" - } - ], - "date_published": "2009-03-25T00:00:00+00:00" - }, - { - "unique_content_id": "0516457a2a3f23bff14b92ad46827e4d", + "unique_content_id": "b8fcc1e274575002715a347b125ae8e4", "aliases": [ "CVE-2006-4343", "VC-OPENSSL-20060928-CVE-2006-4343" @@ -7624,7 +7659,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4343", "severities": [], "reference_id": "CVE-2006-4343" }, @@ -7637,7 +7672,7 @@ "date_published": "2006-09-28T00:00:00+00:00" }, { - "unique_content_id": "bb91cc0708b6b4b961cc463544cd38e5", + "unique_content_id": "ce7a360e61885d4a980deb76217c0d60", "aliases": [ "CVE-2007-4995", "VC-OPENSSL-20071012-CVE-2007-4995" @@ -7659,7 +7694,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4995", "severities": [], "reference_id": "CVE-2007-4995" }, 
@@ -7672,7 +7707,7 @@ "date_published": "2007-10-12T00:00:00+00:00" }, { - "unique_content_id": "24fe7aa9b453b22de1ffaad7a20a7dfc", + "unique_content_id": "70a70192d83214d772289d57dae1ee61", "aliases": [ "CVE-2007-5135", "VC-OPENSSL-20071012-CVE-2007-5135" @@ -7694,7 +7729,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5135", "severities": [], "reference_id": "CVE-2007-5135" }, 
@@ -7707,47 +7742,12 @@ "date_published": "2007-10-12T00:00:00+00:00" }, { - "unique_content_id": "d28cf53b88d3f8f6d736a3b55c1673be", - "aliases": [ - "CVE-2008-0891", - "VC-OPENSSL-20080528-CVE-2008-0891" - ], - "summary": "Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "0.9.8h", - "affected_version_range": "vers:openssl/0.9.8f|0.9.8g" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2008-0891" - }, - { - "url": "https://www.openssl.org/news/secadv/20080528.txt", - "severities": [], - "reference_id": "" - } - ], - "date_published": "2008-05-28T00:00:00+00:00" - }, - { - "unique_content_id": "08387f74d42eae15d11b4432f63dd5f5", + "unique_content_id": "0b092b26a3a1c75112d186f6cdd60ff7", "aliases": [ - "CVE-2008-1672", - "VC-OPENSSL-20080528-CVE-2008-1672" + "CVE-2008-5077", + "VC-OPENSSL-20090107-CVE-2008-5077" ], - "summary": "Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.", + "summary": "The Google Security Team discovered several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. 
One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.", "affected_packages": [ { "package": { 
@@ -7758,31 +7758,31 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "0.9.8h", - "affected_version_range": "vers:openssl/0.9.8f|0.9.8g" + "fixed_version": "0.9.8j", + "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5077", "severities": [], - "reference_id": "CVE-2008-1672" + "reference_id": "CVE-2008-5077" }, { - "url": "https://www.openssl.org/news/secadv/20080528.txt", + "url": "https://www.openssl.org/news/secadv/20090107.txt", "severities": [], "reference_id": "" } ], - "date_published": "2008-05-28T00:00:00+00:00" + "date_published": "2009-01-07T00:00:00+00:00" }, { - "unique_content_id": "e6758f47e31b48a9ba6564647a25a8fa", + "unique_content_id": "e0b9e817cf72e4d773d890a61287bd88", "aliases": [ - "CVE-2008-5077", - "VC-OPENSSL-20090107-CVE-2008-5077" + "CVE-2009-0590", + "VC-OPENSSL-20090325-CVE-2009-0590" ], - "summary": "The Google Security Team discovered several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.", + "summary": "The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.", "affected_packages": [ { "package": { 
@@ -7793,31 +7793,31 @@ "namespace": null, "qualifiers": null }, - "fixed_version": "0.9.8j", - "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i" + "fixed_version": "0.9.8k", + "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0590", "severities": [], - "reference_id": "CVE-2008-5077" + "reference_id": "CVE-2009-0590" }, { - "url": "https://www.openssl.org/news/secadv/20090107.txt", + "url": "https://www.openssl.org/news/secadv/20090325.txt", "severities": [], "reference_id": "" } ], - "date_published": "2009-01-07T00:00:00+00:00" + "date_published": "2009-03-25T00:00:00+00:00" }, { - "unique_content_id": "3beca093ffbf6750011ce0043a79c048", + "unique_content_id": "43dcbfcedcc32b87a723125d164291e1", "aliases": [ - "CVE-2009-0590", - "VC-OPENSSL-20090325-CVE-2009-0590" + "CVE-2009-0591", + "VC-OPENSSL-20090325-CVE-2009-0591" ], - "summary": "The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.", + "summary": "The function CMS_verify() does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked.", "affected_packages": [ { "package": { 
@@ -7829,14 +7829,14 @@ "qualifiers": null }, "fixed_version": "0.9.8k", - "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j" + "affected_version_range": "vers:openssl/0.9.8h|0.9.8i|0.9.8j" } ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0591", "severities": [], - "reference_id": "CVE-2009-0590" + "reference_id": "CVE-2009-0591" }, { "url": "https://www.openssl.org/news/secadv/20090325.txt", @@ -7847,7 +7847,7 @@ "date_published": "2009-03-25T00:00:00+00:00" }, { - "unique_content_id": "6542b9ff33eeece3e91e14a9e1951604", + "unique_content_id": "1e3c05fa25e14f424f2078739c0bdc60", "aliases": [ "CVE-2009-0789", "VC-OPENSSL-20090325-CVE-2009-0789" @@ -7869,7 +7869,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0789", "severities": [], "reference_id": "CVE-2009-0789" }, @@ -7882,7 +7882,7 @@ "date_published": "2009-03-25T00:00:00+00:00" }, { - "unique_content_id": "eba90b9ae8ed3a0ef5706c8b1ac43f66", + "unique_content_id": "dd6da6267d70026a558db1a116fbee2e", "aliases": [ "CVE-2009-1386", "VC-OPENSSL-20090602-CVE-2009-1386" @@ -7904,7 +7904,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1386", "severities": [], "reference_id": "CVE-2009-1386" }, @@ -7917,7 +7917,7 @@ "date_published": "2009-06-02T00:00:00+00:00" }, { - "unique_content_id": "386e32425726305c7fe09bb485efefdd", + "unique_content_id": "e13ddcabb53c6826afd71355212e490f", "aliases": [ "CVE-2009-3555", "VC-OPENSSL-20091105-CVE-2009-3555" @@ -7939,7 +7939,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "severities": [], "reference_id": "CVE-2009-3555" }, 
@@ -7952,7 +7952,7 @@ "date_published": "2009-11-05T00:00:00+00:00" }, { - "unique_content_id": "4513110832710761c7664c892f3d2a1e", + "unique_content_id": "855075369cb16f6855f37e5f18dd94aa", "aliases": [ "CVE-2009-1387", "VC-OPENSSL-20090205-CVE-2009-1387" @@ -7974,7 +7974,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1387", "severities": [], "reference_id": "CVE-2009-1387" }, @@ -7987,7 +7987,7 @@ "date_published": "2009-02-05T00:00:00+00:00" }, { - "unique_content_id": "24b0667dd2e63dc2fb1f5fa7389c1a86", + "unique_content_id": "10ae2d0da4aa9205aaded1b081eb1b25", "aliases": [ "CVE-2009-1377", "VC-OPENSSL-20090512-CVE-2009-1377" @@ -8009,7 +8009,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1377", "severities": [], "reference_id": "CVE-2009-1377" }, @@ -8027,7 +8027,7 @@ "date_published": "2009-05-12T00:00:00+00:00" }, { - "unique_content_id": "602ee9079db3497144f5bbb15394e9aa", + "unique_content_id": "2b4e1b73c41a5e2fd1e5ec5acd53085f", "aliases": [ "CVE-2009-1378", "VC-OPENSSL-20090512-CVE-2009-1378" @@ -8049,7 +8049,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1378", "severities": [], "reference_id": "CVE-2009-1378" }, @@ -8067,7 +8067,7 @@ "date_published": "2009-05-12T00:00:00+00:00" }, { - "unique_content_id": "bcf9ae1a4061fd345a708225403ee843", + "unique_content_id": "2479cc3b4b0c5a64f6af5fe00d4bb334", "aliases": [ "CVE-2009-1379", "VC-OPENSSL-20090512-CVE-2009-1379" @@ -8089,7 +8089,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1379", "severities": [], "reference_id": "CVE-2009-1379" }, @@ -8107,7 +8107,7 @@ "date_published": "2009-05-12T00:00:00+00:00" }, { - "unique_content_id": "423683e07c2a86d18f8307feca5dce90", + "unique_content_id": "7623cc9fdf2c1a033ae13b9c4f85c216", "aliases": [ "CVE-2009-4355", "VC-OPENSSL-20100113-CVE-2009-4355" 
@@ -8129,7 +8129,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4355", "severities": [], "reference_id": "CVE-2009-4355" }, @@ -8142,7 +8142,7 @@ "date_published": "2010-01-13T00:00:00+00:00" }, { - "unique_content_id": "18482b2b793f1680dd5521a78857a5b2", + "unique_content_id": "cd5a928e754a81fe78d2ff793fd9fe5c", "aliases": [ "CVE-2009-3245", "VC-OPENSSL-20100223-CVE-2009-3245" @@ -8164,7 +8164,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3245", "severities": [], "reference_id": "CVE-2009-3245" }, @@ -8177,7 +8177,7 @@ "date_published": "2010-02-23T00:00:00+00:00" }, { - "unique_content_id": "8863992d4110fd26d7df3f41caac4e36", + "unique_content_id": "f93465ffe5c17257ebdf5801edd6c8e7", "aliases": [ "CVE-2010-0433", "VC-OPENSSL-20100119-CVE-2010-0433" @@ -8199,7 +8199,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0433", "severities": [], "reference_id": "CVE-2010-0433" }, @@ -8212,7 +8212,7 @@ "date_published": "2010-01-19T00:00:00+00:00" }, { - "unique_content_id": "8e0741e0c9f591757fa0326f5d298eb4", + "unique_content_id": "1c2ec8085e7e8589e189bc816ea6e4f8", "aliases": [ "CVE-2010-0740", "VC-OPENSSL-20100324-CVE-2010-0740" @@ -8234,7 +8234,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0740", "severities": [], "reference_id": "CVE-2010-0740" }, @@ -8247,7 +8247,7 @@ "date_published": "2010-03-24T00:00:00+00:00" }, { - "unique_content_id": "ddddcbff988dc3929c3d68015d504688", + "unique_content_id": "10a8d75d89e03a7e1b68c7de54099ca7", "aliases": [ "CVE-2010-0742", "VC-OPENSSL-20100601-CVE-2010-0742" @@ -8281,7 +8281,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0742", "severities": [], "reference_id": "CVE-2010-0742" }, 
@@ -8294,7 +8294,7 @@ "date_published": "2010-06-01T00:00:00+00:00" }, { - "unique_content_id": "ad7ab35665f06172cc295e857f81118a", + "unique_content_id": "a2f368d38ceb728d8725aff53b981893", "aliases": [ "CVE-2010-1633", "VC-OPENSSL-20100601-CVE-2010-1633" @@ -8316,7 +8316,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1633", "severities": [], "reference_id": "CVE-2010-1633" }, @@ -8329,7 +8329,7 @@ "date_published": "2010-06-01T00:00:00+00:00" }, { - "unique_content_id": "b8c4a54846b8f2c1f3214e0fe07f0c8c", + "unique_content_id": "c59743251b77735f296be0f67fead428", "aliases": [ "CVE-2010-3864", "VC-OPENSSL-20101116-CVE-2010-3864" @@ -8363,7 +8363,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3864", "severities": [], "reference_id": "CVE-2010-3864" }, @@ -8376,7 +8376,7 @@ "date_published": "2010-11-16T00:00:00+00:00" }, { - "unique_content_id": "5ab5e1fac6eb833aea293e847a25dba9", + "unique_content_id": "c8d35a8e132ea021df593dbfa90519fe", "aliases": [ "CVE-2010-4252", "VC-OPENSSL-20101202-CVE-2010-4252" @@ -8398,7 +8398,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4252", "severities": [], "reference_id": "CVE-2010-4252" }, @@ -8411,7 +8411,7 @@ "date_published": "2010-12-02T00:00:00+00:00" }, { - "unique_content_id": "01ad9d3d130de34065515c2c6d524275", + "unique_content_id": "e4b73e603cc3582c869a0225260b68f2", "aliases": [ "CVE-2010-4180", "VC-OPENSSL-20101202-CVE-2010-4180" @@ -8445,7 +8445,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4180", "severities": [], "reference_id": "CVE-2010-4180" }, @@ -8458,7 +8458,7 @@ "date_published": "2010-12-02T00:00:00+00:00" }, { - "unique_content_id": "0a513f23597a1264df210654df9dd050", + "unique_content_id": "54c01172e2e79e9e75d62960fb3f3ca3", "aliases": [ "CVE-2011-3207", "VC-OPENSSL-20110906-CVE-2011-3207" 
@@ -8480,7 +8480,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3207", "severities": [], "reference_id": "CVE-2011-3207" }, @@ -8493,7 +8493,42 @@ "date_published": "2011-09-06T00:00:00+00:00" }, { - "unique_content_id": "f5a9d42d8c79561151c09e2304704481", + "unique_content_id": "92951f2a40936d95d72816f0d2998000", + "aliases": [ + "CVE-2012-0027", + "VC-OPENSSL-20120104-CVE-2012-0027" + ], + "summary": "A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "1.0.0f", + "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0027", + "severities": [], + "reference_id": "CVE-2012-0027" + }, + { + "url": "https://www.openssl.org/news/secadv/20120104.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2012-01-04T00:00:00+00:00" + }, + { + "unique_content_id": "0b591f3a423642028bd7610a4c0c4c8b", "aliases": [ "CVE-2011-3210", "VC-OPENSSL-20110906-CVE-2011-3210" @@ -8527,7 +8562,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3210", "severities": [], "reference_id": "CVE-2011-3210" }, @@ -8540,7 +8575,7 @@ "date_published": "2011-09-06T00:00:00+00:00" }, { - "unique_content_id": "5bffcedc10ed9bf334297b1c4335674d", + "unique_content_id": "600af49289d67cfbc3327ab07d7ad2e4", "aliases": [ "CVE-2011-4108", "VC-OPENSSL-20120104-CVE-2011-4108" 
@@ -8574,7 +8609,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4108", "severities": [], "reference_id": "CVE-2011-4108" }, @@ -8587,7 +8622,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "442c2495e12f73075e5ceb7e06cc9b61", + "unique_content_id": "7807545a105e79cf1c8b50521641e613", "aliases": [ "CVE-2011-4109", "VC-OPENSSL-20120104-CVE-2011-4109" @@ -8609,7 +8644,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4109", "severities": [], "reference_id": "CVE-2011-4109" }, @@ -8622,42 +8657,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "20527a3203dfff95a438f207fea06e42", - "aliases": [ - "CVE-2012-2131", - "VC-OPENSSL-20120424-CVE-2012-2131" - ], - "summary": "It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "0.9.8w", - "affected_version_range": "vers:openssl/0.9.8" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2012-2131" - }, - { - "url": "https://www.openssl.org/news/secadv/20120424.txt", - "severities": [], - "reference_id": "" - } - ], - "date_published": "2012-04-24T00:00:00+00:00" - }, - { - "unique_content_id": "18dd4abd14e640ebe043b1e35267af16", + "unique_content_id": "ad9473b31be72e89afbe9ad718a72e00", "aliases": [ "CVE-2011-4576", "VC-OPENSSL-20120104-CVE-2011-4576" @@ -8691,7 +8691,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4576", "severities": [], "reference_id": "CVE-2011-4576" }, 
@@ -8704,7 +8704,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "df376ce860d7557f22f75a03d02e6eac", + "unique_content_id": "3e660791fead8dd25efecc0f283c208c", "aliases": [ "CVE-2011-4577", "VC-OPENSSL-20120104-CVE-2011-4577" @@ -8738,7 +8738,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4577", "severities": [], "reference_id": "CVE-2011-4577" }, @@ -8751,7 +8751,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "50d81165462363b5600e2f09c58c7fa1", + "unique_content_id": "f86d2211da5a61d8e581d7b11f1908d1", "aliases": [ "CVE-2011-4619", "VC-OPENSSL-20120104-CVE-2011-4619" @@ -8785,7 +8785,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4619", "severities": [], "reference_id": "CVE-2011-4619" }, 
@@ -8798,42 +8798,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "97d495895a434f87d706a35d729cbf4e", - "aliases": [ - "CVE-2012-0027", - "VC-OPENSSL-20120104-CVE-2012-0027" - ], - "summary": "A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.", - "affected_packages": [ - { - "package": { - "name": "openssl", - "type": "openssl", - "subpath": null, - "version": null, - "namespace": null, - "qualifiers": null - }, - "fixed_version": "1.0.0f", - "affected_version_range": "vers:openssl/1.0.0|1.0.0a|1.0.0b|1.0.0c|1.0.0d|1.0.0e" - } - ], - "references": [ - { - "url": "", - "severities": [], - "reference_id": "CVE-2012-0027" - }, - { - "url": "https://www.openssl.org/news/secadv/20120104.txt", - "severities": [], - "reference_id": "" - } - ], - "date_published": "2012-01-04T00:00:00+00:00" - }, - { - "unique_content_id": "24c194c09ab8a3b445dfaf0e70d230ca", + "unique_content_id": "f50e568118ff3cbe3e7d9218d8fe8490", "aliases": [ "CVE-2012-0050", "VC-OPENSSL-20120104-CVE-2012-0050" @@ -8867,7 +8832,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0050", "severities": [], "reference_id": "CVE-2012-0050" }, @@ -8880,7 +8845,7 @@ "date_published": "2012-01-04T00:00:00+00:00" }, { - "unique_content_id": "62b159ab91fde38f442b679237464b50", + "unique_content_id": "f06c70d55861fcad43368de536b9fa2b", "aliases": [ "CVE-2012-0884", "VC-OPENSSL-20120312-CVE-2012-0884" @@ -8914,7 +8879,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0884", "severities": [], "reference_id": "CVE-2012-0884" }, 
@@ -8927,7 +8892,7 @@ "date_published": "2012-03-12T00:00:00+00:00" }, { - "unique_content_id": "252a8f30e50681007408d9327b96808e", + "unique_content_id": "c321f88c434d878975bb4654c9dd11fb", "aliases": [ "CVE-2011-0014", "VC-OPENSSL-20110208-CVE-2011-0014" @@ -8961,7 +8926,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0014", "severities": [], "reference_id": "CVE-2011-0014" }, @@ -8974,7 +8939,42 @@ "date_published": "2011-02-08T00:00:00+00:00" }, { - "unique_content_id": "8e523fb79249d1d7e22ee24d62991565", + "unique_content_id": "4ec9eb4c6e5c622e43a6ea6ef15d52b4", + "aliases": [ + "CVE-2012-2131", + "VC-OPENSSL-20120424-CVE-2012-2131" + ], + "summary": "It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct CVE-2012-2110.", + "affected_packages": [ + { + "package": { + "name": "openssl", + "type": "openssl", + "subpath": null, + "version": null, + "namespace": null, + "qualifiers": null + }, + "fixed_version": "0.9.8w", + "affected_version_range": "vers:openssl/0.9.8" + } + ], + "references": [ + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2131", + "severities": [], + "reference_id": "CVE-2012-2131" + }, + { + "url": "https://www.openssl.org/news/secadv/20120424.txt", + "severities": [], + "reference_id": "" + } + ], + "date_published": "2012-04-24T00:00:00+00:00" + }, + { + "unique_content_id": "e5eb2917af2b324b45323e80a932eaac", "aliases": [ "CVE-2012-2110", "VC-OPENSSL-20120419-CVE-2012-2110" @@ -9020,7 +9020,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2110", "severities": [], "reference_id": "CVE-2012-2110" }, 
@@ -9033,7 +9033,7 @@ "date_published": "2012-04-19T00:00:00+00:00" }, { - "unique_content_id": "26043d22c767c2e2a91a8f3c768ab4b4", + "unique_content_id": "6a0035c2e08c94d1f96c341c1c65308e", "aliases": [ "CVE-2012-2333", "VC-OPENSSL-20120510-CVE-2012-2333" @@ -9079,7 +9079,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2333", "severities": [], "reference_id": "CVE-2012-2333" }, @@ -9092,7 +9092,7 @@ "date_published": "2012-05-10T00:00:00+00:00" }, { - "unique_content_id": "b3f72f081b2302dfb1092ebeb54e2a3a", + "unique_content_id": "5150b7bcb2a91bca5bbec4be5fd9707e", "aliases": [ "CVE-2013-0169", "VC-OPENSSL-20130204-CVE-2013-0169" @@ -9138,7 +9138,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169", "severities": [], "reference_id": "CVE-2013-0169" }, @@ -9151,7 +9151,7 @@ "date_published": "2013-02-04T00:00:00+00:00" }, { - "unique_content_id": "d4b477095392942f8d225f04f6c397ac", + "unique_content_id": "71f19fecae0d29e9647041dd489f8b9d", "aliases": [ "CVE-2012-2686", "VC-OPENSSL-20130205-CVE-2012-2686" @@ -9173,7 +9173,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2686", "severities": [], "reference_id": "CVE-2012-2686" }, @@ -9186,7 +9186,7 @@ "date_published": "2013-02-05T00:00:00+00:00" }, { - "unique_content_id": "010794775b0a6037d336ff955d46db8d", + "unique_content_id": "9ead169dc70d8bbcfceb668bf99916b5", "aliases": [ "CVE-2013-0166", "VC-OPENSSL-20130205-CVE-2013-0166" @@ -9232,7 +9232,7 @@ ], "references": [ { - "url": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166", "severities": [], "reference_id": "CVE-2013-0166" }, @@ -9245,7 +9245,7 @@ "date_published": "2013-02-05T00:00:00+00:00" }, { - "unique_content_id": "31a1af0690d13ed6d278b65224e3a4af", + "unique_content_id": "f629034826a9a0b0405e02e8fecc5471", "aliases": [ "CVE-2013-6450", "VC-OPENSSL-20131213-CVE-2013-6450" 
@@ -9279,7 +9279,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6450",
 "severities": [],
 "reference_id": "CVE-2013-6450"
 },
@@ -9292,7 +9292,7 @@
 "date_published": "2013-12-13T00:00:00+00:00"
 },
 {
- "unique_content_id": "01797fdc1a5f3b8af52b71a029867918",
+ "unique_content_id": "e044b060bb6a88182ef047435b17edc7",
 "aliases": [
 "CVE-2013-6449",
 "VC-OPENSSL-20131214-CVE-2013-6449"
@@ -9314,7 +9314,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6449",
 "severities": [],
 "reference_id": "CVE-2013-6449"
 },
@@ -9327,7 +9327,7 @@
 "date_published": "2013-12-14T00:00:00+00:00"
 },
 {
- "unique_content_id": "03c91c8f2f10f0e2c68dbdea97236350",
+ "unique_content_id": "8f379a5bad1322f3555d207330a7e79b",
 "aliases": [
 "CVE-2013-4353",
 "VC-OPENSSL-20140106-CVE-2013-4353"
@@ -9349,7 +9349,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4353",
 "severities": [],
 "reference_id": "CVE-2013-4353"
 },
@@ -9362,7 +9362,7 @@
 "date_published": "2014-01-06T00:00:00+00:00"
 },
 {
- "unique_content_id": "9d8920949e7f362a5aa4ff21f1759733",
+ "unique_content_id": "f088991977978985d6c22eae42e9ae0d",
 "aliases": [
 "CVE-2014-0076",
 "VC-OPENSSL-20140214-CVE-2014-0076"
@@ -9408,7 +9408,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0076",
 "severities": [],
 "reference_id": "CVE-2014-0076"
 },
@@ -9431,7 +9431,7 @@
 "date_published": "2014-02-14T00:00:00+00:00"
 },
 {
- "unique_content_id": "45bae238f6efeedee9fca9f1dc0e47e6",
+ "unique_content_id": "45eb6dfd31b5fc4828ce7918a5e30fe1",
 "aliases": [
 "CVE-2014-0160",
 "VC-OPENSSL-20140407-CVE-2014-0160"
@@ -9453,7 +9453,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
 "severities": [],
 "reference_id": "CVE-2014-0160"
 },
@@ -9466,7 +9466,7 @@
 "date_published": "2014-04-07T00:00:00+00:00"
 },
 {
- "unique_content_id": "b1e752aaf11e6bacaa61d843ee29d08f",
+ "unique_content_id": "acd1e3ac9746e2bf60f9e4356e42a244",
 "aliases": [
 "CVE-2014-0224",
 "VC-OPENSSL-20140605-CVE-2014-0224"
@@ -9512,7 +9512,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224",
 "severities": [],
 "reference_id": "CVE-2014-0224"
 },
@@ -9525,7 +9525,7 @@
 "date_published": "2014-06-05T00:00:00+00:00"
 },
 {
- "unique_content_id": "d44d405f74540c3d0e1f4cb30bd55999",
+ "unique_content_id": "9d281843d5f176d057383fdad48bf8b9",
 "aliases": [
 "CVE-2014-0221",
 "VC-OPENSSL-20140605-CVE-2014-0221"
@@ -9571,7 +9571,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221",
 "severities": [],
 "reference_id": "CVE-2014-0221"
 },
@@ -9584,7 +9584,7 @@
 "date_published": "2014-06-05T00:00:00+00:00"
 },
 {
- "unique_content_id": "3da93a4de4a6b0114b266c2e96982478",
+ "unique_content_id": "61d91c23f6b3cbb2cfe8c448285ced91",
 "aliases": [
 "CVE-2014-0195",
 "VC-OPENSSL-20140605-CVE-2014-0195"
@@ -9630,7 +9630,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0195",
 "severities": [],
 "reference_id": "CVE-2014-0195"
 },
@@ -9643,7 +9643,7 @@
 "date_published": "2014-06-05T00:00:00+00:00"
 },
 {
- "unique_content_id": "37201479bcb4ff52a2cbe995b8076567",
+ "unique_content_id": "b72606d65a6ae99abd593e03be951491",
 "aliases": [
 "CVE-2014-0198",
 "VC-OPENSSL-20140421-CVE-2014-0198"
@@ -9677,7 +9677,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0198",
 "severities": [],
 "reference_id": "CVE-2014-0198"
 },
@@ -9690,7 +9690,7 @@
 "date_published": "2014-04-21T00:00:00+00:00"
 },
 {
- "unique_content_id": "6ba35c92a1da660bec8492a1bf8ed279",
+ "unique_content_id": "89b3f67beba5915422b336140683b8a9",
 "aliases": [
 "CVE-2010-5298",
 "VC-OPENSSL-20140408-CVE-2010-5298"
@@ -9724,7 +9724,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-5298",
 "severities": [],
 "reference_id": "CVE-2010-5298"
 },
@@ -9737,7 +9737,7 @@
 "date_published": "2014-04-08T00:00:00+00:00"
 },
 {
- "unique_content_id": "295f19d14c53700e15f5a7baece4c1ef",
+ "unique_content_id": "928fd52bdf45973bd405785383f86ff9",
 "aliases": [
 "CVE-2014-3470",
 "VC-OPENSSL-20140530-CVE-2014-3470"
@@ -9783,7 +9783,7 @@
 ],
 "references": [
 {
- "url": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3470",
 "severities": [],
 "reference_id": "CVE-2014-3470"
 },
diff --git a/vulnerabilities/tests/test_openssl.py b/vulnerabilities/tests/test_openssl.py
index d87838a73..090a36b7c 100644
--- a/vulnerabilities/tests/test_openssl.py
+++ b/vulnerabilities/tests/test_openssl.py
@@ -97,7 +97,7 @@ def test_to_advisory_data(self):
 references=[
 Reference(
 reference_id="CVE-2017-3737",
- url="",
+ url="https://nvd.nist.gov/vuln/detail/CVE-2017-3737",
 severities=[],
 ),
 Reference(
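Review bot: Nothing in the `test_openssl.py` hunk exercises the new rule that a `Reference` without a url is rejected; `test_to_advisory_data` only swaps the expected `url=""` for the NVD link. A small negative case such as `with pytest.raises(TypeError): Reference(reference_id="CVE-2017-3737")` would pin the validation, so that an importer emitting url-less references fails in tests rather than at import time. The test method starts and ends outside this hunk, so such a case may already exist elsewhere in the file.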