Phone: +877 547 3638

OpenSSL Still vulnerable, fix CVE-2012-2110 not sufficient!

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 and referenced in this post on unhackable, was not sufficient to correct the issue for OpenSSL 0.9.8. Please see for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct […]

Read More »

OpenSSL Vulnerabilities – CVE-2012-2110, CVE-2006-7250, CVE-2012-1165

Summary: An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file. Software Description: – openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use […]

Read More »