FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Multiple vulnerabilities

Affected packages
openssl < 3.0.13,1
openssl-quictls < 3.0.13
openssl31 < 3.1.5
openssl31-quictls < 3.1.5
openssl32 < 3.2.1

Details

VuXML ID 10dee731-c069-11ee-9190-84a93843eb75
Discovery 2024-01-30
Entry 2024-01-31

The OpenSSL project reports:

Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

PKCS12 Decoding crashes (CVE-2024-0727)

References

CVE Name CVE-2023-6237
CVE Name CVE-2024-0727
URL https://www.openssl.org/news/openssl-3.0-notes.html
URL https://www.openssl.org/news/openssl-3.1-notes.html
URL https://www.openssl.org/news/openssl-3.2-notes.html
URL https://www.openssl.org/news/secadv/20240115.txt
URL https://www.openssl.org/news/secadv/20240125.txt