jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0b84f3c661
cvrf2cusa/cusas/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json
Jia Chao 0b84f3c661 增加测试用的配置和目录 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 15:51:55 +08:00

14 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "openEuler-SA-2024-1531",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1531",
"title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
"severity": "Moderate",
"description": "The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\r\n\r\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\r\n\r\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\r\n\r\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.(CVE-2024-2511)",
"cves": [
{
"id": "CVE-2024-2511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
"severity": "Moderate"
}
]
}
Reference in New Issue View Git Blame Copy Permalink