This is a denial-of-service vulnerability that arises when the Point-to-Point Protocol (PtP) is enabled on an interface. An attacker can exploit it to crash the targeted system.

Mitigation

The vendor has released a patch for this vulnerability, with patches for Linux, Red Hat Enterprise Linux, Microsoft Windows, and FreeBSD 11.3.

CVE-2023-21158 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an OpenSSL-encrypted connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack or against a mission-critical application with sensitive data). This CVE ID is distinct from CVE-2023-21157.

CVE-2024-20271 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an OpenSSL-encrypted connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack or against a mission-critical application with sensitive data). This CVE ID is distinct from CVE-2024-20272.

CVE-2024-

Researchers of Mathy Vanhoef, of the Computer Laboratory of KU Leuven, have discovered a vulnerability in OpenSSL that could allow an attacker to intercept and modify HTTPS traffic to a web server. This vulnerability is distinct from CVE-2024-20271, CVE-2024-20272, and CVE-2023-21157.

CVE-2025-20047 - OpenSSL Vulnerability - This is a serious vulnerability in OpenSSL. It could allow an attacker to downgrade the security of an SSL/TLS connection in a man-in-the-middle scenario. This could allow the attacker to decrypt and forge data (for example, during a financial attack or against a mission-critical application with sensitive data). This CVE ID is distinct from CVE-2015-7575 and CVE-2015-7679.

Overview of OpenSSL Vulnerabilities

Summary

The OpenSSL project provides a free and open-source cryptographic library used by many applications. On April 14, 2019, the OpenSSL Project announced two vulnerabilities that could allow an attacker to decrypt and forge data during a financial attack or against a mission-critical application with sensitive data.
On April 14, 2019, these vulnerabilities were discussed in the following blogs:

Mitigation

The vendor has released patches for Linux, Red Hat Enterprise Linux, Microsoft Windows, and FreeBSD 11.3.

Timeline

Published on: 11/09/2022 22:15:00 UTC
Last modified on: 11/10/2022 00:33:00 UTC

References