FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
4a4712ae-7299-11ee-85eb-84a93843eb75 OpenSSL -- potential loss of confidentiality

SO-AND-SO reports:

Moderate severity: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.


Discovery 2023-10-24
Entry 2023-10-24
openssl < 3.0.12,1
openssl31 < 3.1.4
openssl-quictls < 3.0.12
CVE-2023-5363
https://www.openssl.org/news/secadv/20231024.txt

41c60e16-2405-11ee-a0d1-84a93843eb75 OpenSSL -- AES-SIV implementation ignores empty associated data entries

The OpenSSL project reports:

The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence.


Discovery 2023-07-14
Entry 2023-07-16
openssl30 < 3.0.9_1
openssl31 < 3.1.1_1
CVE-2023-2975
https://www.openssl.org/news/secadv/20230714.txt

7c217849-f7d7-11ee-a490-84a93843eb75 OpenSSL -- Unbounded memory growth with session handling in TLSv1.3

The OpenSSL project reports:

Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions.


Discovery 2024-04-08
Entry 2024-04-11
openssl < 3.0.13_3,1
openssl31 < 3.1.5_3
openssl32 < 3.2.1_2
openssl-quictls < 3.0.13_3
openssl31-quictls < 3.1.5_1
CVE-2024-2511
https://www.openssl.org/news/secadv/20240408.txt

8337251b-b07b-11ee-b0d7-84a93843eb75 OpenSSL -- Vector register corruption on PowerPC

SO-AND-SO reports:

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.


Discovery 2024-01-09
Entry 2024-01-11
openssl < 3.0.12_2,1
openssl-quictls < 3.0.12_2
openssl31 < 3.1.4_2
openssl31-quictls < 3.1.4_2
openssl32 < 3.2.0_1
CVE-2023-6129
https://www.openssl.org/news/secadv/20240109.txt

1ba034fb-ca38-11ed-b242-d4c9ef517024 OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints

The OpenSSL project reports:

Severity: Low

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.


Discovery 2023-03-23
Entry 2023-03-24
Modified 2023-07-19
openssl < 1.1.1t,1_1
openssl30 < 3.0.8_1
openssl31 < 3.1.0_1
openssl-quic < 3.0.8_1
virtualbox-ose < 6.1.46
CVE-2023-0464
https://www.openssl.org/news/secadv/20230322.txt

bad6588e-2fe0-11ee-a0d1-84a93843eb75 OpenSSL -- Excessive time spent checking DH q parameter value

The OpenSSL project reports:

Checking excessively long DH keys or parameters may be very slow (severity: Low).


Discovery 2023-07-31
Entry 2023-07-31
openssl < 1.1.1u_1,1
openssl30 < 3.0.9_2
openssl31 < 3.1.1_2
CVE-2023-3817
https://www.openssl.org/news/secadv/20230731.txt

a5956603-7e4f-11ee-9df6-84a93843eb75 OpenSSL -- DoS in DH generation

The OpenSSL project reports:

Excessive time spent in DH check / generation with large Q parameter value (low). Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.


Discovery 2023-11-08
Entry 2023-11-08
openssl < 3.0.12_1,1
openssl111 < 1.1.1w_1
openssl31 < 3.1.4_1
openssl-quictls < 3.0.12_1
openssl31-quictls < 3.1.4_1
CVE-2023-5678
https://www.openssl.org/news/secadv/20231106.txt

eb9a3c57-ff9e-11ed-a0d1-84a93843eb75 OpenSSL -- Possible DoS translating ASN.1 identifiers

The OpenSSL project reports:

Severity: Moderate. Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.


Discovery 2023-05-30
Entry 2023-05-31
openssl < 1.1.1u,1
openssl30 < 3.0.9
openssl31 < 3.1.1
openssl-quictls < 3.0.9
CVE-2023-2650
https://www.openssl.org/news/secadv/20230530.txt

425b9538-ce5f-11ed-ade3-d4c9ef517024 OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Severity: low

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks.

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.


Discovery 2023-03-28
Entry 2023-03-29
openssl < 1.1.1t,1_2
openssl30 < 3.0.8_2
openssl31 < 3.1.0_2
openssl-quic < 3.0.8_2
CVE-2023-0465
CVE-2023-0466
https://www.openssl.org/news/secadv/20230328.txt

10dee731-c069-11ee-9190-84a93843eb75 OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

PKCS12 Decoding crashes (CVE-2024-0727)


Discovery 2024-01-30
Entry 2024-01-31
openssl < 3.0.13,1
openssl-quictls < 3.0.13
openssl31 < 3.1.5
openssl31-quictls < 3.1.5
openssl32 < 3.2.1
CVE-2024-0727
CVE-2023-6237
https://www.openssl.org/news/secadv/20240125.txt
https://www.openssl.org/news/secadv/20240115.txt
https://www.openssl.org/news/openssl-3.0-notes.html
https://www.openssl.org/news/openssl-3.1-notes.html
https://www.openssl.org/news/openssl-3.2-notes.html