FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-06 12:07:22 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c6f4177c-8e29-11ef-98e7-84a93843eb75	OpenSSL -- OOB memory access vulnerability The OpenSSL project reports: Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) (Low) Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Discovery 2024-10-16 Entry 2024-10-19 openssl < 3.0.15_1,1 openssl31 < 3.1.7_1 openssl32 < 3.2.3_1 openssl33 < 3.3.2_1 openssl-quictls < 3.0.15_1,1 openssl31-quictls < 3.1.7_1 CVE-2024-9143 https://openssl-library.org/news/secadv/20241016.txt
21f505f4-6a1c-11ef-b611-84a93843eb75	OpenSSL -- Multiple vulnerabilities The OpenSSL project reports: Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Discovery 2024-09-03 Entry 2024-09-03 Modified 2024-09-05 openssl < 3.0.15,1 openssl31 < 3.1.7 openssl32 < 3.2.3 openssl33 < 3.3.2 openssl-quictls < 3.0.15 openssl31-quictls < 3.1.7 FreeBSD >= 14.1 lt 14.1_4 >= 14.0 lt 14.0_10 CVE-2024-5535 CVE-2024-6119 https://openssl-library.org/news/secadv/20240627.txt https://openssl-library.org/news/secadv/20240903.txt SA-24:13.openssl

VuXML ID

Description

c6f4177c-8e29-11ef-98e7-84a93843eb75

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports:

Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) (Low)

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

Discovery 2024-10-16
Entry 2024-10-19
openssl

< 3.0.15_1,1

openssl31

< 3.1.7_1

openssl32

< 3.2.3_1

openssl33

< 3.3.2_1

openssl-quictls

< 3.0.15_1,1

openssl31-quictls

< 3.1.7_1

CVE-2024-9143
https://openssl-library.org/news/secadv/20241016.txt

21f505f4-6a1c-11ef-b611-84a93843eb75

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.

Discovery 2024-09-03
Entry 2024-09-03
Modified 2024-09-05
openssl

< 3.0.15,1

openssl31

< 3.1.7

openssl32

< 3.2.3

openssl33

< 3.3.2

openssl-quictls

< 3.0.15

openssl31-quictls

< 3.1.7

FreeBSD

>= 14.1 lt 14.1_4

>= 14.0 lt 14.0_10

CVE-2024-5535
CVE-2024-6119
https://openssl-library.org/news/secadv/20240627.txt
https://openssl-library.org/news/secadv/20240903.txt
SA-24:13.openssl