Cryptographic Issues Affecting openssl package, versions >=1.0.200, <1.0.208
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-COCOAPODS-OPENSSL-471320
- published 2 Oct 2019
- disclosed 3 May 2016
- credit Unknown
How to fix?
Upgrade OpenSSL
to version 1.0.208 or higher.
Overview
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to padding oracle attacks. The library does not check if there is enough data in both the MAC hash and padding bytes, allowing an attacker to recover the plain text by using the server as a padding oracle.
Note: This vulnerability exists because of an incorrect fix for CVE-2013-0169.
References
- Apple Security Advisory
- Apple Security Announcement
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- Debian Security Advisory
- Exploit DB
- Fedora Security Announcement
- Fedora Security Announcement
- Fedora Security Announcement
- FREEBSD
- Gentoo Security Advisory
- HPE Support Center Security Bulletin
- HPE Support Center Security Bulletin
- HPE Support Center Security Bulletin
- HPE Support Center Security Bulletin
- MISC
- MISC
- MISC
- Netapp Security Advisory
- OpenSSL Security Advisory
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Bulletin
- Oracle Security Bulletin
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- RedHat Security Advisory
- Security Focus
- Security Focus
- Security Tracker
- SLACKWARE
- Ubuntu Security Advisory