CVE-2024-2511 affects certain OpenSSL TLSv1.3 server configurations, not clients. In the risky case, using the non-default SSL_OP_NO_TICKET option can leave the session cache in an incorrect state so it fails to flush as it fills, allowing unbounded memory growth and a denial of service. OpenSSL says the issue does not occur when early_data is configured with the default anti-replay protection, and that F [truncated]
CVE-2024-0727 is a denial-of-service issue in OpenSSL’s PKCS12 handling. A maliciously formatted PKCS12 file can trigger a NULL pointer dereference and crash the process that parses it. The issue matters most for applications that accept PKCS12 files from untrusted sources and call the affected OpenSSL APIs.
CVE-2023-6129 is a PowerPC-specific OpenSSL bug in the POLY1305 MAC implementation that can corrupt caller state on newer PowerPC processors supporting PowerISA 2.07 vector instructions. The issue was published by OpenSSL and NVD on 2024-01-09. OpenSSL described the issue as low severity, while NVD assigned a CVSS 3.1 score of 6.5 (medium). The most relevant exposure is on systems where OpenSSL’s ChaCha20 [truncated]
CVE-2023-5678 is a denial-of-service issue in OpenSSL’s X9.42 Diffie-Hellman handling. When applications generate DH keys or validate DH keys/parameters that come from an untrusted source, excessively long X9.42 DH values can trigger long processing delays. The issue was published on 2023-11-06. OpenSSL states that the SSL/TLS implementation and the 3.0/3.1 FIPS providers are not affected.