Open SSL - Common Vulnerabiliities and Exposures (CVE)
<style><!--table {mso-displayed-decimal-separator:"\."; mso-displayed-thousand-separator:"\,";}@page { mso-header-data:"&LBacklog"; mso-footer-data:""; margin:1in 0.75in 1in 0.75in; mso-header-margin:0.5in; mso-footer-margin:0.5in; mso-page-orientation:Portrait; }tr {mso-height-source:auto; mso-ruby-visibility:none;}col {mso-width-source:auto; mso-ruby-visibility:none;}br {mso-data-placement:same-cell;}ruby {ruby-align:left;}.style0 { mso-number-format:General; text-align:general; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; border:none; mso-protection:locked visible; mso-style-name:Normal; mso-style-id:0;}.font0 { color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font1 { color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; }.font2 { color:#44546A; font-size:18pt; font-weight:400; font-style:normal; font-family:"Calibri Light","sans-serif"; }.font3 { color:#44546A; font-size:15pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font4 { color:#44546A; font-size:13pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font5 { color:#44546A; font-size:11pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font6 { color:#006100; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font7 { color:#9C0006; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font8 { color:#9C6500; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font9 { color:#3F3F76; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font10 { color:#3F3F3F; font-size:11pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font11 { color:#FA7D00; font-size:11pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font12 { color:#FA7D00; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font13 { color:#FFFFFF; font-size:11pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font14 { color:#FF0000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font15 { color:#7F7F7F; font-size:11pt; font-weight:400; font-style:italic; font-family:"Calibri","sans-serif"; }.font16 { color:#000000; font-size:11pt; font-weight:700; font-style:normal; font-family:"Calibri","sans-serif"; }.font17 { color:#FFFFFF; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; }.font18 { color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; }.font19 { color:#0563C1; font-size:11pt; font-weight:400; font-style:normal; text-decoration:underline; font-family:"Calibri","sans-serif"; }.font20 { color:#474C54; font-size:9pt; font-weight:400; font-style:normal; font-family:"Lucida Sans Unicode","sans-serif"; }td {mso-style-parent:style0; mso-number-format:General; text-align:general; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; border:none; mso-protection:locked visible; mso-ignore:padding;}.style0 { text-align:general; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; mso-protection:locked visible; mso-style-name:"Normal"; }.style1 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style2 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style3 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style4 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style5 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style6 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style7 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style8 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style9 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style10 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style11 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style12 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style13 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.style14 { text-align:general; vertical-align:middle; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.x15 { mso-style-parent:style0; mso-number-format:General; text-align:general; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }.style16 { text-align:general; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#0563C1; font-size:11pt; font-weight:400; font-style:normal; text-decoration:underline; font-family:"Calibri","sans-serif"; mso-protection:locked visible; mso-style-name:"Hyperlink"; }.x17 { mso-style-parent:style0; mso-number-format:General; text-align:general; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }.x18 { mso-style-parent:style0; mso-number-format:"\@"; text-align:left; vertical-align:bottom; white-space:nowrap; background:#E7E6E6; mso-pattern:auto none; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.x19 { mso-style-parent:style0; mso-number-format:"\@"; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:#E7E6E6; mso-pattern:auto none; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.x20 { mso-style-parent:style0; mso-number-format:General; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:#E7E6E6; mso-pattern:auto none; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }.x21 { mso-style-parent:style0; mso-number-format:"\@"; text-align:left; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.x22 { mso-style-parent:style0; mso-number-format:"\@"; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; font-size:10pt; font-weight:400; font-style:normal; font-family:"Arial","sans-serif"; mso-protection:locked visible; }.x23 { mso-style-parent:style16; mso-number-format:"\@"; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; color:#0563C1; font-size:11pt; font-weight:400; font-style:normal; text-decoration:underline; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }.x24 { mso-style-parent:style0; mso-number-format:General; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; color:#474C54; font-size:9pt; font-weight:400; font-style:normal; font-family:"Lucida Sans Unicode","sans-serif"; mso-protection:locked visible; }.x25 { mso-style-parent:style0; mso-number-format:General; text-align:left; vertical-align:bottom; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; color:#000000; font-size:11pt; font-weight:400; font-style:normal; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }.x26 { mso-style-parent:style0; mso-number-format:General; text-align:left; vertical-align:bottom; white-space:nowrap; background:auto; mso-pattern:auto; color:#474C54; font-size:9pt; font-weight:400; font-style:normal; font-family:"Lucida Sans Unicode","sans-serif"; mso-protection:locked visible; }.x27 { mso-style-parent:style16; mso-number-format:General; text-align:left; vertical-align:middle; white-space:normal;word-wrap:break-word; background:auto; mso-pattern:auto; color:#0563C1; font-size:11pt; font-weight:400; font-style:normal; text-decoration:underline; font-family:"Calibri","sans-serif"; mso-protection:locked visible; }--></style><div class="cells-worksheet" data-sheet-number="0" data-sheet-name="Backlog"><table border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse;table-layout:fixed;width:1478pt"> <colgroup> <col style="mso-width-source:userset;width:106px"></col> <col class="x17" style="mso-width-source:userset;background:none;width:420px"></col> <col class="x17" style="mso-width-source:userset;background:none;width:337px"></col> <col class="x17" style="mso-width-source:userset;background:none;width:254px"></col> <col style="mso-width-source:userset;width:209px"></col> <col class="x17" style="mso-width-source:userset;background:none;width:645px"></col> </colgroup> <tbody> <tr style="mso-height-source:userset;height:15pt" id="r0"> <td class="x18" style="height:15pt;width:79.5pt">ID</td> <td class="x19" style="width:315pt">Title</td> <td class="x19" style="width:252.75pt">Link</td> <td class="x19" style="width:190.5pt">Resolved in Open SSL Version</td> <td class="x18" style="width:156.75pt">Status</td> <td class="x20" style="width:483.75pt">Explanation</td> </tr> <tr style="mso-height-source:userset;height:30pt" id="r1"> <td class="x21" style="height:30pt">B-06279</td> <td class="x22">Security - CVE Alert (CVSS: 10) CVE-2016-0705 OpenSSL Double free vulnerability could allow remote attackers DOS</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0705/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0705/</span></a></td> <td class="x24">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:60pt" id="r2"> <td class="x21" style="height:60pt">B-06280</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2016-0797 OpenSSL Multiple integer overflows may allow remote attackers to cause a denial of service</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0797/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0797/</span></a></td> <td class="x24">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Not Affected</td> <td class="x25">This vulnerability depends on very large, untrusted data being fed to the BN_dec2bn or BN_hex2bn functions.<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>It is exposed when the size of that data multiplied by 4 results in an integer overflow.<br />While Stonebranch Products do use those functions to generate big numbers (i.e., > 4 GB), the size of input parameters is enforced beforehand. </td> </tr> <tr style="mso-height-source:userset;height:30pt" id="r3"> <td class="x21" style="height:30pt">B-06281</td> <td class="x22">Security - CVE Alert (CVSS: 5) CVE-2016-2105 OpenSSL Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2105/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2105/</span></a></td> <td class="x24">Fixed versions 1.0.1t and 1.0.2h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:45pt" id="r4"> <td class="x21" style="height:45pt">B-06282</td> <td class="x22">Security - CVE Alert (CVSS: 10) CVE-2016-0799 OpenSSL fmtstr function in crypto/bio/b_print.c improperly calculates string lengths</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0799/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0799/</span></a></td> <td class="x24">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Not Affected</td> <td class="x25">This vulnerability depends on very large, untrusted data being fed to the BIO_printf functions.<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>Stonebranch Products do call BIO_* functions to display certificate information, but input is controlled.</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r5"> <td class="x21" style="height:39pt">B-06283</td> <td class="x22">Security - CVE Alert (CVSS: 5) CVE-2016-2106 OpenSSL Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c may cause a denial of service</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2106/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2106/</span></a></td> <td class="x24">Fixed versions 1.0.1t and 1.0.2h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r6"> <td class="x21" style="height:51.75pt">B-06284</td> <td class="x22">Security - CVE Alert (CVSS: 2.6) CVE-2016-2107 OpenSSL The AES-NI implementation may allow remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session,</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2107/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2107/</span></a></td> <td class="x24">Fixed versions 1.0.1t and 1.0.2h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r7"> <td class="x21" style="height:51.75pt">B-06285</td> <td class="x22">Security - CVE Alert (CVSS: 7.8) CVE-2016-2109 OpenSSL<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c may allow remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2109/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2109/</span></a></td> <td class="x24">Fixed versions 1.0.1t and 1.0.2h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:90pt" id="r8"> <td class="x21" style="height:90pt">B-06286</td> <td class="x22">Security - CVE Alert (CVSS: 6.4) CVE-2016-2176 OpenSSL The X509_NAME_oneline function in crypto/x509/x509_obj.c may allowremote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2176/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2176/</span></a></td> <td class="x22">Fixed versions 1.0.1t and 1.0.2h</td> <td class="x21">Not Affected</td> <td class="x25">This vulnerability depends on a character buffer larger than 1024 bytes being used as input to X509_NAME_oneline().<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>Stonebranch Products use this function, but do not pass a buffer larger than 1000 bytes to it. <br />It's possible that we may add new code that passes a larger buffer to the function, but exposure would still be limited simply by following our established practice of ensuring buffers returned from the function are properly NULL-terminated.</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r9"> <td class="x21" style="height:51.75pt">B-06287</td> <td class="x22">Security - CVE Alert (CVSS: 10) CVE-2016-2842 OpenSSL The doapr_outch function in crypto/bio/b_print.c may allow emote attackers to cause a denial of service (out-of-bounds write or memory consumption)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2842/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2842/</span></a></td> <td class="x24">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:26.25pt" id="r10"> <td class="x21" style="height:26.25pt">B-06304</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2016-0800 SSLv2 protocol "DROWN" attack.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0800/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0800/</span></a></td> <td class="x24">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use SSLv2.</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r11"> <td class="x21" style="height:39pt">B-06305</td> <td class="x22">Security - CVE Alert (CVSS: 7.8) CVE-2016-0798 Memory leak in the SRP_VBASE_get_by_user implementation may allow remote attackers to cause a denial of service (memory consumption)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0798/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0798/</span></a></td> <td class="x22">Fixed versions 1.0.1s and 1.0.2g</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use SRP Functions.</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r12"> <td class="x21" style="height:51.75pt">B-06306</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2016-0704 get_client_master_key function in s2_srvr.c in the SSLv2 implementation overwrites incorrect MASTER-KEY bytes during use of export cipher suites</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0704/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0704/</span></a></td> <td class="x24">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use SSLv2.</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r13"> <td class="x21" style="height:51.75pt">B-06307</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2016-0703 get_client_master_key function in s2_srvr.c in accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0703/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0703/</span></a></td> <td class="x22">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r14"> <td class="x21" style="height:51.75pt">B-06308</td> <td class="x22">Security - CVE Alert (CVSS: 1.9) CVE-2016-0702 MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c does not properly consider cache-bank access times during modular exponentiation</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0702/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0702/</span></a></td> <td class="x22">Fixed versions 1.0.1s , 1.0.2g</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r15"> <td class="x21" style="height:51.75pt">B-06309</td> <td class="x22">Security - CVE Alert (CVSS: 2.6) CVE-2016-0701 DH_check_pub_key function in crypto/dh/dh_check.c does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-0701/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-0701/</span></a></td> <td class="x26">Fixed versions 1.0.2f</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not support Diffie-Hellman key exchange.</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r16"> <td class="x21" style="height:64.5pt">B-06310</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2015-3197 ssl/s2_srvr.c does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-3197/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-3197/</span></a></td> <td class="x22">Fixed versions 1.0.1r, 1.0.2f</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r17"> <td class="x21" style="height:51.75pt">B-06312</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2015-4000 TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice aka the "Logjam" issue</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-4000/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-4000/</span></a></td> <td class="x22">Fixed versions 1.0.2b</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not support DHE ciphers.</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r18"> <td class="x21" style="height:64.5pt">B-06315</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-3195 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c mishandles errors caused by malformed X509_ATTRIBUTE data may allow remote attackers to obtain sensitive information from process memory by triggering a decoding failure</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-3195/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-3195/</span></a></td> <td class="x22">Fixed versions 0.9.8zh, 1.0.0t, 1.0.1q, 1.0.2e</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r19"> <td class="x21" style="height:64.5pt">B-06316</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-3194 crypto/rsa/rsa_ameth.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-3194/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-3194/</span></a></td> <td class="x22">Fixed versions 1.0.1q, 1.0.2e</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r20"> <td class="x21" style="height:51.75pt">B-06317</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-1792 do_free_upto function in crypto/cms/cms_smime.c allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-1792/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-1792/</span></a></td> <td class="x22">Fixed versions 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r21"> <td class="x21" style="height:51.75pt">B-06318</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-1791 Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-1791/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-1791/</span></a></td> <td class="x22">Fixed versions 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r22"> <td class="x21" style="height:51.75pt">B-06320</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-1790 PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-1790/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-1790/</span></a></td> <td class="x22">Fixed versions 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not decrypt PKCS#7 data.</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r23"> <td class="x21" style="height:51.75pt">B-06321</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2015-1789 X509_cmp_time function in crypto/x509/x509_vfy.c allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-1789/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-1789/</span></a></td> <td class="x22">Fixed versions 0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r24"> <td class="x21" style="height:51.75pt">B-06322</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2015-1788 BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-1788/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-1788/</span></a></td> <td class="x22">Fixed versions 0.9.8s, 1.0.0e, 1.0.1n, 1.0.2b</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r25"> <td class="x21" style="height:51.75pt">B-06323</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-0293 SSLv2 implementation allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0293/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0293/</span></a></td> <td class="x22">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use SSLv2 and export cipher suites.</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r26"> <td class="x21" style="height:39pt">B-06324</td> <td class="x22">Security - CVE Alert (CVSS: 7.5) CVE-2015-0292 Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c allows remote attackers to cause a denial of service (memory corruption)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0292/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0292/</span></a></td> <td class="x22">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r27"> <td class="x21" style="height:51.75pt">B-06325</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-0289 PKCS#7 implementation does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0289/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0289/</span></a></td> <td class="x22">Fixed versions 0.9.8zf,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.0r,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.1m,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.2a</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r28"> <td class="x21" style="height:51.75pt">B-06326</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-0288 X509_to_X509_REQ function in crypto/x509/x509_req.c might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0288/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0288/</span></a></td> <td class="x22">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use X509_to_X509_REQ()</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r29"> <td class="x21" style="height:64.5pt">B-06327</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-0287 ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0287/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0287/</span></a></td> <td class="x22">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r30"> <td class="x21" style="height:51.75pt">B-06328</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2015-0286 ASN1_TYPE_cmp function in crypto/asn1/a_type.c does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0286/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0286/</span></a></td> <td class="x22">Fixed versions 0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r31"> <td class="x21" style="height:51.75pt">B-06330</td> <td class="x22">Security - CVE Alert (CVSS: 6.8) CVE-2015-0209 Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c might allow remote attackers to cause a denial of service (memory corruption and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0209/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0209/</span></a></td> <td class="x22">Fixed versions 0.9.8zf,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.0r,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.1m,<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>1.0.2a</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use the elliptical curve (EC) family of cipher suites.<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>When/If support for EC ciphers is added, it will be done using a version of OpenSSL that contains a fix for this vulnerability.</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r32"> <td class="x21" style="height:64.5pt">B-06331</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2015-0204 ssl3_get_key_exchange function in s3_clnt.c allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2015-0204/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2015-0204/</span></a></td> <td class="x22">Fixed versions 0.9.8zd, 1.0.0p, 1.0.1k</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r33"> <td class="x21" style="height:51.75pt">B-06332</td> <td class="x22">Security - CVE Alert (CVSS: 7.5) CVE-2014-8176 dtls1_clear_queues function in ssl/d1_lib.c frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-8176/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-8176/</span></a></td> <td class="x22">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use DTLS.</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r34"> <td class="x21" style="height:64.5pt">B-06333</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3572 ssl3_get_key_exchange function in s3_clnt.c allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3572/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3572/</span></a></td> <td class="x26">Fixed versions 0.9.8zd, 1.0.0p, 1.0.1k</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use the elliptical curve (EC) family of cipher suites.<span style="mso-spacerun:yes;font-family:"Times New Roman""> </span>When/If support for EC ciphers is added, it will be done using a version of OpenSSL that contains a fix for this vulnerability.</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r35"> <td class="x21" style="height:39pt">B-06334</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3571 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3571/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3571/</span></a></td> <td class="x22">Fixed versions 0.9.8zd, 1.0.0p, 1.0.1k</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r36"> <td class="x21" style="height:51.75pt">B-06335</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3570 BN_sqr implementation does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3570/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3570/</span></a></td> <td class="x22">Fixed versions 0.9.8zd, 1.0.0p, 1.0.1k</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r37"> <td class="x21" style="height:64.5pt">B-06336</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-3569 ssl23_get_client_hello function in s23_srvr.c does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3569/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3569/</span></a></td> <td class="x22"></td> <td class="x21">Pending Investigation</td> <td class="x25"></td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r38"> <td class="x21" style="height:51.75pt">B-06337</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-3568 does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3568/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3568/</span></a></td> <td class="x22">Fixed versions 0.9.8zc, 1.0.0o, 1.0.1j</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use the 'no-ssl3' build option. </td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r39"> <td class="x21" style="height:51.75pt">B-06338</td> <td class="x22">Security - CVE Alert (CVSS: 7.1) CVE-2014-3567 Memory leak in the tls_decrypt_ticket function in t1_lib.c allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3567/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3567/</span></a></td> <td class="x22">Fixed versions 0.9.8zc, 1.0.0o, 1.0.1j</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r40"> <td class="x21" style="height:51.75pt">B-06339</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-3510 ssl3_send_client_key_exchange function in s3_clnt.c allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash)</td> <td class="x27"><a href="http://www.cvedetails.com/cve/CVE-2014-3510/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3510/</span></a></td> <td class="x22">Fixed versions 0.9.8zb, 1.0.0n, 1.0.1i</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r41"> <td class="x21" style="height:51.75pt">B-06340</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-3508 OBJ_obj2txt function in crypto/objects/obj_dat.c does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3508/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3508/</span></a></td> <td class="x22">Fixed versions 0.9.8zb, 1.0.0n, 1.0.1i</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r42"> <td class="x21" style="height:39pt">B-06341</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3507 Memory leak in d1_both.c in the DTLS implementation allows remote attackers to cause a denial of service (memory consumption)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3507/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3507/</span></a></td> <td class="x22">Fixed versions 0.9.8zb, 1.0.0n, 1.0.1i</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r43"> <td class="x21" style="height:39pt">B-06342</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3506 d1_both.c in the DTLS implementation allows remote attackers to cause a denial of service (memory consumption)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3506/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3506/</span></a></td> <td class="x22">Fixed versions 0.9.8zb, 1.0.0n, 1.0.1i</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r44"> <td class="x21" style="height:39pt">B-06343</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2014-3505 Double free vulnerability in d1_both.c in the DTLS implementation allows remote attackers to cause a denial of service (application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3505/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3505/</span></a></td> <td class="x22">Fixed versions 0.9.8zb, 1.0.0n, 1.0.1i</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r45"> <td class="x21" style="height:51.75pt">B-06344</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-3470 ssl3_send_client_key_exchange function in s3_clnt.c when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-3470/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-3470/</span></a></td> <td class="x22">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r46"> <td class="x21" style="height:51.75pt">B-06346</td> <td class="x22">Security - CVE Alert (CVSS: 6.8) CVE-2014-0224 does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-0224/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-0224/</span></a></td> <td class="x26">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r47"> <td class="x21" style="height:39pt">B-06347</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2014-0221 dtls1_get_message_fragment function in d1_both.c llows remote attackers to cause a denial of service (recursion and client crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-0221/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-0221/</span></a></td> <td class="x22">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r48"> <td class="x21" style="height:39pt">B-06348</td> <td class="x22">Security - CVE Alert (CVSS: 6.8) CVE-2014-0195 dtls1_reassemble_fragment function in d1_both.c does not properly validate fragment lengths in DTLS ClientHello messages</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2014-0195/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2014-0195/</span></a></td> <td class="x22">Fixed versions 0.9.8za, 1.0.0m, 1.0.1h</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch products do not use DTLS.</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r49"> <td class="x21" style="height:64.5pt">B-06349</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2013-6449 ssl_get_algorithm2 function in ssl/s3_lib.c obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2013-6449/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2013-6449/</span></a></td> <td class="x22">Fixed versions 1.0.2</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r50"> <td class="x21" style="height:51.75pt">B-06350</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2013-0166 does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2013-0166/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2013-0166/</span></a></td> <td class="x22">Fixed versions 0.9.8y, 1.0.0k, 1.0.1d</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r51"> <td class="x21" style="height:39pt">B-06353</td> <td class="x22">Security - CVE Alert (CVSS: 6.8) CVE-2012-2333 Integer underflow DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2012-2333/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2012-2333/</span></a></td> <td class="x22">Fixed versions 0.9.8x, 1.0.0j, 1.0.1c</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r52"> <td class="x21" style="height:51.75pt">B-06354</td> <td class="x22">Security - CVE Alert (CVSS: 7.5) CVE-2012-2110 asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) </td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2012-2110/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2012-2110/</span></a></td> <td class="x22">Fixed versions 0.9.8v, 1.0.0i, 1.0.1a</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r53"> <td class="x21" style="height:51.75pt">B-06355</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2012-1165 mime_param_cmp function in crypto/asn1/asn_mime.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2012-1165/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2012-1165/</span></a></td> <td class="x22">Fixed versions 0.9.8u, 1.0.0h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:39pt" id="r54"> <td class="x21" style="height:39pt">B-06356</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2012-0884 The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 does not properly restrict certain oracle behavior,</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2012-0884/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2012-0884/</span></a></td> <td class="x22">Fixed versions 0.9.8u, 1.0.0h</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r55"> <td class="x21" style="height:51.75pt">B-06357</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2011-4619 Server Gated Cryptography (SGC) implementation does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-4619/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-4619/</span></a></td> <td class="x22">Fixed versions 0.9.8s, 1.0.0f</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r56"> <td class="x21" style="height:64.5pt">B-06358</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2011-4577 when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-4577/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-4577/</span></a></td> <td class="x22">Fixed versions 0.9.8s, 1.0.0f</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r57"> <td class="x21" style="height:64.5pt">B-06359</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2011-4576 SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-4576/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-4576/</span></a></td> <td class="x22">Fixed versions 0.9.8s, 1.0.0f</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r58"> <td class="x21" style="height:51.75pt">B-06360</td> <td class="x22">Security - CVE Alert (CVSS: 9.3) CVE-2011-4109 Double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-4109/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-4109/</span></a></td> <td class="x22">Fixed version 0.9.8s</td> <td class="x21">Not Affected</td> <td class="x25">Stonebranch products are not impacted by this CVE. Stonebranch Products do not enable X509_V_FLAG_POLICY_CHECK.</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r59"> <td class="x21" style="height:51.75pt">B-06361</td> <td class="x22">Security - CVE Alert (CVSS: 4.3) CVE-2011-4108 DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-4108/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-4108/</span></a></td> <td class="x22">Fixed versions 0.9.8s</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r60"> <td class="x21" style="height:51.75pt">B-06362</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2006-7250 mime_hdr_cmp function in crypto/asn1/asn_mime.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2006-7250/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2006-7250/</span></a></td> <td class="x22">Fixed version 0.9.8t</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">Agent versions prior to 6.3.0.1 may be impacted. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r61"> <td class="x21" style="height:64.5pt">B-06363</td> <td class="x22">Security - CVE Alert (CVSS: 5.0) CVE-2011-3210 ephemeral ECDH ciphersuite functionality does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2011-3210/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2011-3210/</span></a></td> <td class="x22">Fixed version 0.9.8s, 1.0.0e</td> <td class="x21">Older Versions May Be Affected</td> <td class="x25">All agent versions using OpenSSL 0.9.8r may be at risk. Recommend upgrading to an agent version that uses OpenSSL 1.0.2f or later as soon as possible. 6.3.0.1 / 6.3.0.2</td> </tr> <tr style="mso-height-source:userset;height:51.75pt" id="r62"> <td class="x21" style="height:51.75pt">B-06418</td> <td class="x22">Security - CVE Alert (CVSS: 7.5) CVE-2016-2177 Incorrect use of pointerarithmetic for heap-buffer boundary checks might allow remote attackers to cause a denial of service (integer overflow and application crash)</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2177/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2177/</span></a></td> <td class="x22">Fixed versions none as of 6/23/16</td> <td class="x21">Pending Investigation</td> <td class="x25"></td> </tr> <tr style="mso-height-source:userset;height:64.5pt" id="r63"> <td class="x21" style="height:64.5pt">B-06419</td> <td class="x22">Security - CVE Alert (CVSS: 2.1) CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations</td> <td class="x23"><a href="http://www.cvedetails.com/cve/CVE-2016-2178/" target="_parent"><span style="font-size:11pt;color:#0563C1;font-weight:400;text-decoration:underline;text-line-through:none;text-underline-style:single;font-family:"Calibri"">http://www.cvedetails.com/cve/CVE-2016-2178/</span></a></td> <td class="x22">Fixed versions none as of 6/23/2016</td> <td class="x21">Pending Investigation</td> <td class="x25"></td> </tr> <tr style="display:none"> <td style="width:79.5pt"></td> <td style="width:315pt"></td> <td style="width:252.75pt"></td> <td style="width:190.5pt"></td> <td style="width:156.75pt"></td> <td style="width:483.75pt"></td> </tr> </tbody></table></div>