Search query: Openssl

256 matches found

CVE-2011-4108 (added 2012/01/06 1:55 a.m., 13039 views)

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVSS 4.3 | AI score 7.2 | EPSS 0.00979

CVE-2013-0169 (added 2013/02/08 7:55 p.m., 12948 views)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct disting...

CVSS 2.6 | AI score 6.8 | EPSS 0.00676

CVE-2011-4109 (added 2012/01/06 1:55 a.m., 12942 views)

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

CVSS 9.3 | AI score 8.2 | EPSS 0.03015

CVE-2014-3470 (added 2014/06/05 9:55 p.m., 12807 views)

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certifi...

CVSS 4.3 | AI score 7.4 | EPSS 0.81445

CVE-2011-4619 (added 2012/01/06 1:55 a.m., 12639 views)

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS 5 | AI score 7.9 | EPSS 0.03263

CVE-2012-0050 (added 2012/01/19 7:55 p.m., 12285 views)

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

CVSS 5 | AI score 8.1 | EPSS 0.01697

CVE-2011-4576 (added 2012/01/06 1:55 a.m., 6705 views)

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVSS 5 | AI score 8 | EPSS 0.00821

CVE-2023-6237 (added 2024/04/25 7:15 a.m., 6453 views)

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9 | AI score 6.3 | EPSS 0.00524

CVE-2014-0160 (added 2014/04/07 10:55 p.m., 3952 views)

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

CVSS 7.5 | AI score 7.5 | EPSS 0.94443
Tags: In wild, Web

CVE-2024-4741 (added 2024/11/13 11:15 a.m., 3366 views)

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. Howeve...

CVSS 7.5 | AI score 7.7 | EPSS 0.00116

CVE-2021-23841 (added 2021/02/16 5:15 p.m., 1923 views)

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

CVSS 5.9 | AI score 7 | EPSS 0.0065

CVE-2016-2183 (added 2016/09/01 12:59 a.m., 1574 views)

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted sess...

CVSS 7.5 | AI score 6.5 | EPSS 0.42052
Tags: In wild, Web

CVE-2022-0778 (added 2022/03/15 5:15 p.m., 1237 views)

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

CVSS 7.5 | AI score 7.8 | EPSS 0.05887
Tags: In wild, Web

CVE-2023-3817 (added 2023/07/31 4:15 p.m., 1225 views)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked ha...

CVSS 5.3 | AI score 6.2 | EPSS 0.00672

CVE-2009-3555 (added 2009/11/09 5:30 p.m., 1192 views)

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

CVSS 5.8 | AI score 6 | EPSS 0.02987
Tags: Web

CVE-2022-1292 (added 2022/05/03 4:15 p.m., 1164 views)

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the s...

CVSS 10 | AI score 9 | EPSS 0.4026

CVE-2015-4000 (added 2015/05/21 12:59 a.m., 1157 views)

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

CVSS 4.3 | AI score 4.8 | EPSS 0.93647
Tags: In wild

CVE-2022-2068 (added 2022/06/21 3:15 p.m., 1157 views)

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there ...

CVSS 10 | AI score 9.2 | EPSS 0.51848

CVE-2022-3602 (added 2022/11/01 6:15 p.m., 1130 views)

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verifi...

CVSS 7.5 | AI score 8.2 | EPSS 0.86569

CVE-2023-0286 (added 2023/02/08 8:15 p.m., 1056 views)

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently ...

CVSS 7.4 | AI score 7.7 | EPSS 0.78317

CVE-2020-1971 (added 2020/12/08 4:15 p.m., 1052 views)

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrec...

CVSS 5.9 | AI score 5.7 | EPSS 0.0031
Tags: Web

CVE-2022-3786 (added 2022/11/01 6:15 p.m., 991 views)

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verificat...

CVSS 7.5 | AI score 8.1 | EPSS 0.23715
Tags: Web

CVE-2023-0215 (added 2023/02/08 8:15 p.m., 894 views)

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the calle...

CVSS 7.5 | AI score 7.9 | EPSS 0.00148

CVE-2007-4995 (added 2007/10/13 1:17 a.m., 887 views)

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 9.3 | AI score 7.3 | EPSS 0.09567

CVE-2014-3566 (added 2014/10/15 12:55 a.m., 850 views)

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS 4.3 | AI score 4.4 | EPSS 0.93693

CVE-2022-4304 (added 2023/02/08 8:15 p.m., 849 views)

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decr...

CVSS 5.9 | AI score 6.9 | EPSS 0.00138

CVE-2022-4450 (added 2023/02/08 8:15 p.m., 829 views)

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded da...

CVSS 7.5 | AI score 8 | EPSS 0.00116

CVE-2019-1559 (added 2019/02/27 11:29 p.m., 823 views)

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

CVSS 5.9 | AI score 6.3 | EPSS 0.04632

CVE-2024-4603 (added 2024/05/16 4:15 p.m., 790 views)

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being che...

CVSS 5.3 | AI score 6.3 | EPSS 0.00067

CVE-2023-3446 (added 2023/07/19 12:15 p.m., 773 views)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked ha...

CVSS 5.3 | AI score 6.7 | EPSS 0.00672

CVE-2023-2650 (added 2023/05/30 2:15 p.m., 757 views)

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notabl...

CVSS 6.5 | AI score 7 | EPSS 0.88208

CVE-2021-3449 (added 2021/03/25 3:15 p.m., 753 views)

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

CVSS 5.9 | AI score 6.7 | EPSS 0.08433
Tags: Web

CVE-2024-5535 (added 2024/06/27 11:15 a.m., 744 views)

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a ...

CVSS 9.1 | AI score 7.8 | EPSS 0.03505

CVE-2021-23840 (added 2021/02/16 5:15 p.m., 730 views)

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating succ...

CVSS 7.5 | AI score 8 | EPSS 0.00451

CVE-2023-0464 (added 2023/03/22 5:15 p.m., 697 views)

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of comp...

CVSS 7.5 | AI score 7.3 | EPSS 0.01165
Tags: Web

CVE-2016-2107 (added 2016/05/05 1:59 a.m., 690 views)

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

CVSS 5.9 | AI score 6.9 | EPSS 0.77742

CVE-2020-1967 (added 2020/04/21 2:15 p.m., 688 views)

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorit...

CVSS 7.5 | AI score 7.5 | EPSS 0.53148
Tags: Web

CVE-2022-4203 (added 2023/02/24 3:15 p.m., 682 views)

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verif...

CVSS 4.9 | AI score 6.9 | EPSS 0.00325

CVE-2023-5678 (added 2023/11/06 4:15 p.m., 682 views)

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub...

CVSS 5.3 | AI score 6.4 | EPSS 0.00194

CVE-2023-0216 (added 2023/02/08 8:15 p.m., 666 views)

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation...

CVSS 7.5 | AI score 7.6 | EPSS 0.00625

CVE-2023-0401 (added 2023/02/08 8:15 p.m., 658 views)

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is...

CVSS 7.5 | AI score 7.7 | EPSS 0.0076

CVE-2021-3711 (added 2021/08/24 3:15 p.m., 640 views)

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size req...

CVSS 9.8 | AI score 9.9 | EPSS 0.02221

CVE-2023-0465 (added 2023/03/28 3:15 p.m., 640 views)

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificat...

CVSS 5.3 | AI score 6.8 | EPSS 0.00337

CVE-2023-0217 (added 2023/02/08 8:15 p.m., 632 views)

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow...

CVSS 7.5 | AI score 7.5 | EPSS 0.00361

CVE-2021-3712 (added 2021/08/24 3:15 p.m., 620 views)

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byt...

CVSS 7.4 | AI score 8 | EPSS 0.01139
Tags: Web

CVE-2018-5407 (added 2018/11/15 9:29 p.m., 602 views)

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVSS 4.7 | AI score 5.6 | EPSS 0.00284

CVE-2024-0727 (added 2024/01/26 9:15 a.m., 568 views)

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and...

CVSS 5.5 | AI score 5.8 | EPSS 0.00214

CVE-2024-13176 (added 2025/01/20 2:15 p.m., 551 views)

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would requ...

CVSS 4.1 | AI score 4.1 | EPSS 0.0008

CVE-2023-4807 (added 2023/09/08 12:15 p.m., 549 views)

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses t...

CVSS 7.8 | AI score 7.9 | EPSS 0.00665

CVE-2023-5363 (added 2023/10/25 6:17 p.m., 526 views)

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in lo...

CVSS 7.5 | AI score 7.5 | EPSS 0.00778

Total number of security vulnerabilities: 256