OpenSSL vulnerabilities identified on endpoint agent.

Article ID: 395376

Updated On: 05-28-2025

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Windows Defender or another vulnerability scanner has flagged the OpenSSL libraries shipped with the DLP agent and associated them with the following known CVEs:
CVE-2023-5678
CVE-2023-6237
CVE-2024-0727
CVE-2024-2511
CVE-2024-4603
CVE-2024-4741
CVE-2024-5535
CVE-2024-6119

Resolution

CVE-2023-5678 - Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.
Conclusion: DLP does not use DH keys and is not vulnerable.

CVE-2023-6237 - Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service.
Conclusion: DLP does not use EVP_PKEY_public_check() nor keys from untrusted sources; Not vulnerable.

CVE-2024-0727 - Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack.
Conclusion: DLP does not act as an OpenSSL server and does not process certificates from untrusted sources; Not vulnerable.

CVE-2024-2511 - An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used.
Conclusion: DLP does not use the non-default SSL_OP_NO_TICKET option; Not vulnerable.

CVE-2024-4603 - Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.
Conclusion: DLP does not use EVP_PKEY_param_check() or EVP_PKEY_public_check() nor keys from untrusted sources; Not Vulnerable.

CVE-2024-4741 - A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue.
Conclusion: DLP does not call the SSL_free_buffers function directly; Not Vulnerable.

CVE-2024-5535 - A buffer overread can have a range of potential consequences such as unexpected application behavior or a crash. In particular, this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer, leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0-length list of supported client protocols are affected by this issue.
Conclusion: DLP does not call the SSL_select_next_proto function directly; Not vulnerable.

CVE-2024-6119 - Abnormal termination of an application can cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate.
Conclusion: Native calls are used to get the alternative name of certificates instead of OpenSSL; Not vulnerable.
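Several of the conclusions above rest on whether the agent's code ever references a specific OpenSSL function (EVP_PKEY_public_check, EVP_PKEY_param_check, SSL_free_buffers, SSL_select_next_proto). The script below is an added example, not part of this article or of the DLP product, showing how an administrator can reproduce that part of the assessment on their own copy of the agent binaries: it scans a file's bytes for the affected function names (import-by-name tables and dynamic symbol tables store these as plain strings) and maps any hit back to the CVE that depends on it. A hit only means the symbol is referenced and warrants review; a miss says nothing about CVE-2023-5678, CVE-2024-0727, CVE-2024-2511 or CVE-2024-6119, whose applicability depends on key types, input sources or configuration rather than on a call site. The sample byte strings and the file path in the usage line are constructed placeholders.

```python
"""First-pass triage: does a binary reference any OpenSSL function named in the
advisory as the trigger for a CVE? Added example, not vendor code."""

import re
from pathlib import Path

# Function names quoted in the article, mapped to the CVEs that hinge on them.
AFFECTED_SYMBOLS = {
    b"EVP_PKEY_public_check": ["CVE-2023-6237", "CVE-2024-4603"],
    b"EVP_PKEY_param_check": ["CVE-2024-4603"],
    b"SSL_free_buffers": ["CVE-2024-4741"],
    b"SSL_select_next_proto": ["CVE-2024-5535"],
}

# Match whole identifiers only, so e.g. "my_SSL_free_buffers_wrapper" does not
# count as a reference to SSL_free_buffers itself.
SYMBOL_RE = re.compile(
    rb"(?<![A-Za-z0-9_])("
    + b"|".join(re.escape(name) for name in AFFECTED_SYMBOLS)
    + rb")(?![A-Za-z0-9_])"
)


def find_referenced_symbols(data: bytes) -> set:
    """Return the set of affected OpenSSL symbol names found in the raw bytes."""
    return {m.group(1) for m in SYMBOL_RE.finditer(data)}


def triage(data: bytes) -> dict:
    """Map each CVE whose trigger symbol appears to the list of symbols seen.

    An empty dict means none of the symbol-gated CVEs is reachable by this
    simple screen; the configuration- and input-gated CVEs still need a
    separate review.
    """
    result = {}
    for symbol in sorted(find_referenced_symbols(data)):
        for cve in AFFECTED_SYMBOLS[symbol]:
            result.setdefault(cve, []).append(symbol.decode())
    return result


def triage_file(path: str) -> dict:
    """Run the screen over a file on disk (a DLL, .so or executable)."""
    return triage(Path(path).read_bytes())


# Constructed sample inputs standing in for real binaries (not DLP agent data).
SAMPLE_CLEAN = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"SSL_CTX_new\x00SSL_connect\x00X509_check_host\x00"
    + b"my_SSL_free_buffers_wrapper\x00"  # prefixed name, not the real symbol
)
SAMPLE_SUSPECT = (
    b"\x7fELF" + b"\x00" * 16
    + b"SSL_free_buffers\x00SSL_select_next_proto\x00"
)

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        hits = triage(blob)
        print(f"{label}: {hits if hits else 'no affected symbols referenced'}")
    # Real use, path is a placeholder: print(triage_file("C:/path/to/agent/libssl.dll"))
```

Run it against each OpenSSL library and agent module under the installation directory and keep the output with the scanner report; the combination of "no affected symbol referenced" plus the configuration notes in the Resolution section is the evidence an auditor will ask for when the CVE is marked as not applicable.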