Openssl Security Vulnerabilities and Issues — Openssl CVE List

Lucene search

OpensslOpenssl

8 matches found

CVE•added 2023/02/08 8:15 p.m.•1030 views

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING butthe public structure definition for GENERAL_NAME incorrectly specified the typeof the x400Address field as ASN1_TYPE. This field is subsequently ...

7.4CVSS7.7AI score0.88099EPSS

CVE•added 2023/02/08 8:15 p.m.•869 views

CVE-2023-0215

The public API function BIO_new_NDEF is a helper function used for streamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to support theSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly byend user applications. The function receives a BIO from the calle...

7.5CVSS7.9AI score0.00277EPSS

CVE•added 2023/02/08 8:15 p.m.•821 views

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecr...

5.9CVSS6.9AI score0.0018EPSS

CVE•added 2023/02/08 8:15 p.m.•804 views

CVE-2022-4450

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.If the function succeeds then the "name_out", "header" and "data" arguments arepopulated with pointers to buffers containing the relevant decoded da...

7.5CVSS8AI score0.00116EPSS

CVE•added 2023/02/24 3:15 p.m.•657 views

CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verif...

4.9CVSS6.9AI score0.00325EPSS

CVE•added 2023/02/08 8:15 p.m.•640 views

CVE-2023-0216

An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation...

7.5CVSS7.6AI score0.00625EPSS

CVE•added 2023/02/08 8:15 p.m.•632 views

CVE-2023-0401

A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is...

7.5CVSS7.7AI score0.0076EPSS

CVE•added 2023/02/08 8:15 p.m.•608 views

CVE-2023-0217

An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow...

7.5CVSS7.5AI score0.00361EPSS