Cryptographic Issues Affecting openssl package, versions >=1.0.0, <1.0.110


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.55% (79th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cryptographic Issues vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-COCOAPODS-OPENSSL-471310
  • published2 Oct 2019
  • disclosed15 Oct 2014
  • creditUnknown

Introduced: 15 Oct 2014

CVE-2014-3568  (opens in a new tab)
CWE-310  (opens in a new tab)

How to fix?

Upgrade OpenSSL to version 1.0.110 or higher.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to access restriction bypass. This is possible because OpenSSL does not enforce the no-ssl3 build option, which then allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

CVSS Scores

version 3.1