AVG-1582 - openssl-1.0 - Arch Linux
| Package | openssl-1.0 |
| Status | Vulnerable |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.0.2.u-1 |
| Fixed | Unknown |
| Current | 1.0.2.u-1 [core] |
| Created | Tue Feb 16 19:48:09 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-23841 | Medium | Yes | Denial of service | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained... |
| CVE-2021-23840 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
| CVE-2021-23839 | Low | Yes | Incorrect calculation | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS... |
| Notes |
|---|
| OpenSSL 1.0.2 is out of support and no longer receiving public updates, so this issue will not be fixed. |