Severity: Unknown
Affected Package: openssl
Summary: Multiple OpenSSL vulnerabilities (info leak, DoS, double-free, MMA, ASN.1 memory corruption)
OpenSSL fails to clear bytes used as SSL 3.0 block-cipher padding, leaking up to 15 bytes of uninitialized (possibly sensitive) memory per record. SGC handshake restart handling enables a denial of service, X509 policy checking can trigger a double-free, the PKCS#7 code is vulnerable to Bleichenbacher's million-message attack, and asn1_d2i_read_bio() contains integer errors causing memory corruption when parsing untrusted ASN.1 data such as X.509 certificates or RSA public keys.
No specific recommendations provided.
Aliases: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
Published: May 03, 2012
Last Modified: May 03, 2012