Cryptographic Issues Affecting openssl package, versions >=1.0.0, <1.0.111


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
2.44% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cryptographic Issues vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-COCOAPODS-OPENSSL-471036
  • published2 Oct 2019
  • disclosed24 Oct 2014
  • creditUnknown

Introduced: 24 Oct 2014

CVE-2015-0205  (opens in a new tab)
CWE-310  (opens in a new tab)

How to fix?

Upgrade OpenSSL to version 1.0.111 or higher.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to access bypass. OpenSSL accepts client authentication with a Diffie-Helman certificate without receiving a CertificateValue message. This allows attacks to gain access without the knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

CVSS Scores

version 3.1