FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-03-31 16:45:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8	FreeBSD -- OpenSSL Remote DoS vulnerability Problem Description: Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages. Impact: A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack. Discovery 2016-11-02 Entry 2016-11-02 Modified 2017-02-22 FreeBSD >= 10.3 lt 10.3_12 >= 10.2 lt 10.2_25 >= 10.1 lt 10.1_42 >= 9.3 lt 9.3_50 openssl < 1.0.2i,1 openssl-devel < 1.1.0a linux-c6-openssl < 1.0.1e_13 linux-c7-openssl-libs < 1.0.1e_3 CVE-2016-8610 SA-16:35.openssl http://seclists.org/oss-sec/2016/q4/224
d455708a-e3d3-11e6-9940-b499baebfeaf	OpenSSL -- multiple vulnerabilities The OpenSSL project reports: Truncated packet could crash via OOB read (CVE-2017-3731) Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) Montgomery multiplication may produce incorrect results (CVE-2016-7055) Discovery 2017-01-26 Entry 2017-01-26 Modified 2017-05-26 openssl < 1.0.2k,1 openssl-devel < 1.1.0d linux-c6-openssl < 1.0.1e_13 linux-c7-openssl-libs < 1.0.1e_3 FreeBSD >= 11.0 lt 11.0_8 >= 10.3 lt 10.3_17 https://www.openssl.org/news/secadv/20170126.txt CVE-2016-7055 CVE-2017-3730 CVE-2017-3731 CVE-2017-3732 SA-17:02.openssl

VuXML ID

Description

0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8

FreeBSD -- OpenSSL Remote DoS vulnerability

Problem Description:

Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.

Impact:

A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.

Discovery 2016-11-02
Entry 2016-11-02
Modified 2017-02-22
FreeBSD

>= 10.3 lt 10.3_12

>= 10.2 lt 10.2_25

>= 10.1 lt 10.1_42

>= 9.3 lt 9.3_50

openssl

< 1.0.2i,1

openssl-devel

< 1.1.0a

linux-c6-openssl

< 1.0.1e_13

linux-c7-openssl-libs

< 1.0.1e_3

CVE-2016-8610
SA-16:35.openssl
http://seclists.org/oss-sec/2016/q4/224

d455708a-e3d3-11e6-9940-b499baebfeaf

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

Truncated packet could crash via OOB read (CVE-2017-3731)

Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)

BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Discovery 2017-01-26
Entry 2017-01-26
Modified 2017-05-26
openssl

< 1.0.2k,1

openssl-devel

< 1.1.0d

linux-c6-openssl

< 1.0.1e_13

linux-c7-openssl-libs

< 1.0.1e_3

FreeBSD

>= 11.0 lt 11.0_8

>= 10.3 lt 10.3_17

https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-7055
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732
SA-17:02.openssl