FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-15 18:04:00 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
21f505f4-6a1c-11ef-b611-84a93843eb75	OpenSSL -- Multiple vulnerabilities The OpenSSL project reports: Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Discovery 2024-09-03 Entry 2024-09-03 Modified 2024-09-05 openssl < 3.0.15,1 openssl31 < 3.1.7 openssl32 < 3.2.3 openssl33 < 3.3.2 openssl-quictls < 3.0.15 openssl31-quictls < 3.1.7 FreeBSD >= 14.1 lt 14.1_4 >= 14.0 lt 14.0_10 CVE-2024-5535 CVE-2024-6119 https://openssl-library.org/news/secadv/20240627.txt https://openssl-library.org/news/secadv/20240903.txt SA-24:13.openssl
73a697d7-1d0f-11ef-a490-84a93843eb75	OpenSSL -- Use after free vulnerability The OpenSSL project reports: Use After Free with SSL_free_buffers (low). Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Discovery 2024-05-28 Entry 2024-05-28 openssl < 3.0.13_5,1 openssl31 < 3.1.5_5 openssl32 < 3.2.1_5 openssl33 < 3.3.0_2 openssl-quictls < 3.0.13_5 openssl31-quictls < 3.1.5_5 CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt
b88aa380-1442-11ef-a490-84a93843eb75	OpenSSL -- Denial of Service vulnerability The OpenSSL project reports: Excessive time spent checking DSA keys and parameters (Low) Checking excessively long DSA keys or parameters may be very slow. Discovery 2024-05-16 Entry 2024-05-17 openssl < 3.0.13_4,1 openssl31 < 3.1.5_4 openssl32 < 3.2.1_4 openssl33 < 3.3.0_1 openssl-quictls < 3.0.13_4 openssl31-quictls < 3.1.5_4 CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt

VuXML ID

Description

21f505f4-6a1c-11ef-b611-84a93843eb75

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.

Discovery 2024-09-03
Entry 2024-09-03
Modified 2024-09-05
openssl

< 3.0.15,1

openssl31

< 3.1.7

openssl32

< 3.2.3

openssl33

< 3.3.2

openssl-quictls

< 3.0.15

openssl31-quictls

< 3.1.7

FreeBSD

>= 14.1 lt 14.1_4

>= 14.0 lt 14.0_10

CVE-2024-5535
CVE-2024-6119
https://openssl-library.org/news/secadv/20240627.txt
https://openssl-library.org/news/secadv/20240903.txt
SA-24:13.openssl

73a697d7-1d0f-11ef-a490-84a93843eb75

OpenSSL -- Use after free vulnerability

The OpenSSL project reports:

Use After Free with SSL_free_buffers (low).

Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations

Discovery 2024-05-28
Entry 2024-05-28
openssl