
81 matches found

OSV
added 2026/04/27 6:33 p.m. | 1 views

JLSEC-2026-214 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel...

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

4.7 CVSS | 6.5 AI score | 0.0026 EPSS
Exploits: 0 | References: 52
OSV
added 2025/06/27 12:16 a.m. | 3 views

OSV-2025-491 Heap-buffer-overflow in libssl.soNUMBER

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=427814448 Crash type: Heap-buffer-overflow READ 5 Crash state: libssl.soNUMBER libssl.soNUMBER SSL_CTX_set_cipher_list...

7 AI score
Exploits: 0 | References: 1
OSV
added 2025/06/10 3:9 a.m. | 0 views

MAL-2025-4845 Malicious code in libssl-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a236578396bbbb5a2273314d10cf62bb325f71a390452983bfda4ea4fa89e3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/06/10 3:9 a.m. | 2 views

Malicious code in libssl-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a236578396bbbb5a2273314d10cf62bb325f71a390452983bfda4ea4fa89e3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 3
Tenable Nessus
added 2024/03/13 12:0 a.m. | 13 views

Ubuntu 16.04 LTS : OpenSSL update (USN-6663-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-2 advisory. USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding...

5.6 AI score
Exploits: 0 | References: 1
OSV
added 2024/03/06 11:5 a.m. | 22 views

BIT-NODE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 7.2 AI score | 0.3328 EPSS
Exploits: 0 | References: 4
F5 Networks
added 2023/02/21 7:54 p.m. | 52 views

K83823933: OpenSSL Vulnerability CVE-2021-4044

Security Advisory Description Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by...

7.5 CVSS | 6.5 AI score | 0.3328 EPSS
Exploits: 0
ALT Linux
added 2022/12/23 12:0 a.m. | 16 views

Security fix for the ALT Linux 10 package libetpan version 1.9.4-alt3

1.9.4-alt3 built Dec. 23, 2022 Mikhail Efremov in task 312089 Dec. 20, 2022 Mikhail Efremov - Fixed libssl knob. - Fixed License tag. - Added Vcs tag. - Patch from upstream: + Fixed crash when stinfolist is NULL fixes: CVE-2022-4121...

5.6 AI score | 0.00324 EPSS
Exploits: 1
Broadcom
added 2022/11/08 12:0 a.m. | 39 views

CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl

A flaw was found in the way OpenSSL verified certificates via the X509_verify_cert() function. X509_verify_cert() function may return a negative return value to indicate an internal error for example, out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO function such...

7.5 CVSS | 1.5 AI score | 0.3328 EPSS
Exploits: 0
OSV
added 2022/05/03 12:0 p.m. | 22 views

RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9 CVSS | 7.3 AI score | 0.00067 EPSS
Exploits: 0 | References: 3
OSV
added 2021/12/15 12:0 a.m. | 33 views

GHSA-MMJF-F5JW-W72Q Invalid handling of `X509_verify_cert()` internal errors in libssl

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 7.2 AI score | 0.3328 EPSS
Exploits: 0 | References: 6
OSV
added 2021/12/14 7:15 p.m. | 0 views

UBUNTU-CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 6.7 AI score | 0.3328 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2021/12/14 7:15 p.m. | 41 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 6.8 AI score | 0.3328 EPSS
Exploits: 0 | References: 3
CVE
added 2021/12/14 6:40 p.m. | 309 views

CVE-2021-4044

OpenSSL OpenSSL libssl vulnerability CVE-2021-4044 arises when X509_verify_cert() returns a negative internal error (e.g., OOM). OpenSSL mishandles this, causing SSL_connect/SSL_do_handshake to not signal success and SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY, which is unexpected for m...

7.5 CVSS | 7.2 AI score | 0.3328 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
RustSec
added 2021/12/14 12:0 p.m. | 30 views

Invalid handling of `X509_verify_cert()` internal errors in libssl

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 1 AI score | 0.3328 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2021/12/14 12:0 p.m. | 33 views

RUSTSEC-2021-0129 Invalid handling of `X509_verify_cert()` internal errors in libssl

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5 CVSS | 7.2 AI score | 0.3328 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/12/14 12:0 a.m. | 2 views

OpenSSL code issue vulnerability

OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes all major cryptographic algorithms, commonly used keys, certificate wrapper management functions and SSL protocols, and provides rich applications for testing and other purposes. libssl implements the SSL v2/v3 and TLS...

7.5 CVSS | 5.7 AI score | 0.3328 EPSS
Exploits: 0 | References: 6
FreeBSD
added 2021/12/14 12:0 a.m. | 29 views

OpenSSL -- Certificate validation issue

The OpenSSL project reports: Invalid handling of X509_verify_cert() internal errors in libssl Moderate Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for...

7.5 CVSS | 1.6 AI score | 0.3328 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2021/09/27 12:0 a.m. | 47 views

Debian: Security Advisory (DLA-2766-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS | 7.4 AI score | 0.0046 EPSS
Exploits: 0 | References: 4
OSV
added 2021/08/25 8:54 p.m. | 48 views

GHSA-8HFJ-XRJ2-PM22 Certificate check bypass in openssl-src

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4 CVSS | 7.5 AI score | 0.00504 EPSS
Exploits: 0 | References: 27