First published: Thu Aug 19 2021
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack.
Credit: openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-apr | <0:1.6.3-107.el8 | 0:1.6.3-107.el8 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.el8 | 0:1.6.1-84.el8 |
redhat/jbcs-httpd24-curl | <0:7.78.0-2.el8 | 0:7.78.0-2.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-78.el8 | 0:2.4.37-78.el8 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.el8 | 0:1.39.2-39.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.el8 | 1:1.1.1g-8.el8 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.el8 | 0:1.0.0-7.el8 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.el8 | 0:0.4.10-22.el8 |
redhat/jbcs-httpd24-apr | <0:1.6.3-107.jbcs.el7 | 0:1.6.3-107.jbcs.el7 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.jbcs.el7 | 0:1.6.1-84.jbcs.el7 |
redhat/jbcs-httpd24-curl | <0:7.78.0-2.jbcs.el7 | 0:7.78.0-2.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-78.jbcs.el7 | 0:2.4.37-78.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.jbcs.el7 | 0:1.39.2-39.jbcs.el7 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.jbcs.el7 | 1:1.1.1g-8.jbcs.el7 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.jbcs.el7 | 0:1.0.0-7.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.jbcs.el7 | 0:0.4.10-22.jbcs.el7 |
redhat/openssl | <1:1.0.2k-23.el7_9 | 1:1.0.2k-23.el7_9 |
redhat/openssl | <1:1.1.1k-5.el8_5 | 1:1.1.1k-5.el8_5 |
redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el7 | 0:9.0.50-3.redhat_00004.1.el7 |
redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el7 | 0:1.2.30-3.redhat_3.el7 |
redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el7 | 0:1.1.8-4.Final_redhat_00004.1.el7 |
redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el8 | 0:9.0.50-3.redhat_00004.1.el8 |
redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el8 | 0:1.2.30-3.redhat_3.el8 |
redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el8 | 0:1.1.8-4.Final_redhat_00004.1.el8 |
debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u1 3.0.11-1 | |
redhat/openssl | <1.1.1 | 1.1.1 |
IBM Cognos Analytics | <=12.0.0-12.0.1 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 | |
OpenSSL OpenSSL | >=1.0.2<1.0.2za | |
OpenSSL OpenSSL | >=1.1.1<1.1.1l | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
NetApp Clustered Data ONTAP | | |
Netapp Clustered Data Ontap Antivirus Connector | | |
NetApp E-Series SANtricity OS Controller | >=11.0<=11.50.2 | |
Netapp Hci Management Node | | |
Netapp Manageability Software Development Kit | | |
Netapp Santricity Smi-s Provider | | |
Netapp Solidfire | | |
Netapp Storage Encryption | | |
McAfee ePolicy Orchestrator | <5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_10 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
McAfee ePolicy Orchestrator | =5.10.0-update_7 | |
McAfee ePolicy Orchestrator | =5.10.0-update_8 | |
McAfee ePolicy Orchestrator | =5.10.0-update_9 | |
Tenable Nessus Network Monitor | <6.0.0 | |
Tenable Tenable.sc | >=5.16.0<=5.19.1 | |
Oracle Essbase | <11.1.2.4.047 | |
Oracle Essbase | >=21.0<21.3 | |
Oracle Essbase | =21.3 | |
Oracle Mysql Connectors | <=8.0.27 | |
Oracle Mysql Enterprise Monitor | <=8.0.25 | |
Oracle Mysql Server | >=5.7.0<=5.7.35 | |
Oracle Mysql Server | >=8.0.0<=8.0.26 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
Oracle Secure Backup | =18.1.0.1.0 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
Oracle Communications Cloud Native Core Console | =1.9.0 | |
Oracle Communications Cloud Native Core Security Edge Protection Proxy | =1.7.0 | |
Oracle Communications Cloud Native Core Unified Data Repository | =1.15.0 | |
Oracle Communications Session Border Controller | =8.4 | |
Oracle Communications Session Border Controller | =9.0 | |
Oracle Communications Unified Session Manager | =8.2.5 | |
Oracle Communications Unified Session Manager | =8.4.5 | |
Oracle Enterprise Communications Broker | =3.2.0 | |
Oracle Enterprise Communications Broker | =3.3.0 | |
Oracle Enterprise Session Border Controller | =8.4 | |
Oracle Enterprise Session Border Controller | =9.0 | |
Oracle Health Sciences Inform Publisher | =6.2.1.0 | |
Oracle Health Sciences Inform Publisher | =6.3.1.1 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.3 | |
Oracle Jd Edwards World Security | =a9.4 | |