Cryptographic Issues Affecting openssl package, versions >=1.0.0
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.87% (83rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-OPENSSL-471057
- published 2 Oct 2019
- disclosed 19 Jan 2012
- credit Unknown
Introduced: 19 Jan 2012
CVE-2012-0884 Open this link in a new tabHow to fix?
There is no fixed version for OpenSSL.
Overview
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to million message attacks (MMA). This is due to the way that OpenSSL has implemented PKCS #7 and Cryptographic Message Syntax (CMS), making it easier for attackers to decrypt data.
References
- Cert Vulnerability Note
- Debian Security Advisory
- Fedora Security Announcement
- Fedora Security Announcement
- Fedora Security Announcement
- Fedora Security Announcement
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- https://downloads.avaya.com/css/P8/documents/100162507
- https://hermes.opensuse.org/messages/14330767
- http://www.openssl.org/news/secadv_20120312.txt
- IBM Security Bulletin
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory