OpenSSL Multiple Vulnerabilities
Last Update Date: 9 Dec 2015
Release Date: 7 Dec 2015
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in OpenSSL. A remote user can cause the target service to crash and obtain potentially sensitive information on the target system.
- A remote server can send a specially crafted ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 to potentially cause the target service to crash.
- A remote user can exploit a carry propagation flaw in BN_mod_exp() to potentially determine information about the private key in certain situations.
- A remote user can send a certificate with a specially crafted ASN.1 signature that uses the RSA PSS algorithm and does not contain the mask generation function parameter to trigger a null pointer dereference and crash.
- A remote user can supply a specially crafted X509_ATTRIBUTE structure to trigger a memory leak and potentially disclose sensitive information.
- A remote user can send PSK identity hints to a multi-threaded client to trigger a race condition, followed by a double free memory error, and cause the target service to crash.
Impact
- Denial of Service
- Information Disclosure
System / Technologies affected
- OpenSSL versions prior to 0.9.8zh, 1.0.0t, 1.0.1q, 1.0.2e
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (0.9.8zh, 1.0.0t, 1.0.1q, 1.0.2e).
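The following is an added example, not part of the original advisory: a small Python check that classifies an OpenSSL version string against the fixed releases listed above. The function names and the sample banner strings are constructed for illustration. Distribution packages often backport fixes without changing the upstream version letter, so a "vulnerable" result should be confirmed against the package changelog.

```python
import re

# Fixed releases per branch, taken from the advisory text.
FIXED = {"0.9.8": "zh", "1.0.0": "t", "1.0.1": "q", "1.0.2": "e"}

# Matches e.g. "1.0.1p", "0.9.8zg", "1.0.2e-fips", or "1.0.1" (no letter).
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z0-9])")


def parse_version(text):
    """Return (branch, letter_suffix) from text such as `openssl version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)


def suffix_key(suffix):
    # Letter releases run a..z and then za, zb, ...; ordering by
    # (length, text) gives '' < 'a' < 'z' < 'za' < 'zh'.
    return (len(suffix), suffix)


def status(text):
    """Classify a version string as 'vulnerable', 'fixed' or 'unknown'."""
    branch, suffix = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unknown"  # branch is not listed in this advisory
    return "fixed" if suffix_key(suffix) >= suffix_key(fixed) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "OpenSSL 1.0.1p 9 Jul 2015",
        "OpenSSL 1.0.2e-fips 3 Dec 2015",
        "OpenSSL 0.9.8zg",
        "OpenSSL 1.0.0t",
        "OpenSSL 1.1.0",
    ]
    for banner in samples:
        print(f"{banner:35} {status(banner)}")
```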
Vulnerability Identifier
Source
Related Link