Cryptographic Issues Affecting openssl Open this link in a new tab package, versions >=1.0.0, <1.0.108
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-COCOAPODS-OPENSSL-470915
-
published
2 Oct 2019
-
disclosed
16 May 2014
-
credit
Unknown
Introduced: 16 May 2014
CVE-2014-0224 Open this link in a new tabHow to fix?
Upgrade OpenSSL
to version 1.0.108 or higher.
Overview
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to man in the middle (MitM) attacks. These attacks are possible because an attacker can force OpenSSL to use a zero-length master key. This allows attackers to hijack sessions and obtain sensitive information. This is also known as the "CCS Injection".
References
- AIXAPAR
- Apple Security Advisory
- BUGTRAQ
- Cert Vulnerability Note
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- Fedora Security Announcement
- Fedora Security Announcement
- Gentoo Security Advisory
- HPE Support Center Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- IBM Security Bulletin
- MISC
- MISC
- OpenSuse Security Announcement
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Bulletin
- Oracle Security Bulletin
- Oracle Security Bulletin
- PoC
- RedHat Bugzilla Bug
- RedHat Security Advisory
- Seclists Full Disclosure
- Secunia Advisory
- Secunia Advisory
- Security Tracker