A New Round Of OpenSSL Vulnerabilities Discovered
Further fallout from the Heartbleed bug has occurred with another set of security vulnerabilities now being disclosed for OpenSSL.
Six new CVEs were made public today for OpenSSL. These vulnerabilities could allow man-in-the-middle attacks, code execution, and denial-of-service attacks. The new reports are:
- SSL/TLS MITM vulnerability (CVE-2014-0224)
- DTLS recursion flaw (CVE-2014-0221)
- DTLS invalid fragment vulnerability (CVE-2014-0195)
- SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
- SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
- Anonymous ECDH denial of service (CVE-2014-3470)

More information on these latest OpenSSL security woes can be found via the posting at OpenSSL.org.