FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c6f4177c-8e29-11ef-98e7-84a93843eb75OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports:

Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) (Low)

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.


Discovery 2024-10-16
Entry 2024-10-19
openssl
< 3.0.15_1,1

openssl31
< 3.1.7_1

openssl32
< 3.2.3_1

openssl33
< 3.3.2_1

openssl-quictls
< 3.0.15_1,1

openssl31-quictls
< 3.1.7_1

CVE-2024-9143
https://openssl-library.org/news/secadv/20241016.txt
21f505f4-6a1c-11ef-b611-84a93843eb75OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.


Discovery 2024-09-03
Entry 2024-09-03
Modified 2024-09-05
openssl
< 3.0.15,1

openssl31
< 3.1.7

openssl32
< 3.2.3

openssl33
< 3.3.2

openssl-quictls
< 3.0.15

openssl31-quictls
< 3.1.7

FreeBSD
>= 14.1 lt 14.1_4

>= 14.0 lt 14.0_10

CVE-2024-5535
CVE-2024-6119
https://openssl-library.org/news/secadv/20240627.txt
https://openssl-library.org/news/secadv/20240903.txt
SA-24:13.openssl