Openssl Security Vulnerabilities and Issues — Openssl CVE List

Lucene search

OpensslOpenssl

14 matches found

CVE•added 2023/05/30 2:15 p.m.•711 views

CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers ordata containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no messagesize limit may experience notabl...

6.5CVSS7AI score0.9197EPSS

CVE•added 2018/03/27 9:29 p.m.•357 views

CVE-2018-0739

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS6.5AI score0.20225EPSS

CVE•added 2017/11/02 5:29 p.m.•330 views

CVE-2017-3736

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely....

6.5CVSS6.5AI score0.06765EPSS

CVE•added 2015/03/19 10:59 p.m.•319 views

CVE-2015-0209

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unsp...

6.8CVSS7AI score0.02624EPSS

CVE•added 2025/02/11 4:15 p.m.•257 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate aserver may fail to notice that the server was not authenticated, becausehandshakes don't abort as expected when the SSL_VERIFY_PEER verification modeis set. Impact summary: TLS and DTLS connections using raw public keys ma...

6.3CVSS4.4AI score0.00222EPSS

CVE•added 2024/01/09 5:15 p.m.•228 views

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementationcontains a bug that might corrupt the internal state of applications runningon PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MACalgori...

6.5CVSS6.8AI score0.01912EPSS

CVE•added 2025/05/22 2:16 p.m.•183 views

CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application addsa trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected fora particular use it will be instead marked as trusted for that use. A copy & paste err...

6.5CVSS6.6AI score0.00029EPSS

CVE•added 2015/06/12 7:59 p.m.•176 views

CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) o...

6.8CVSS7.2AI score0.1245EPSS

CVE•added 2014/06/05 9:55 p.m.•167 views

CVE-2014-0195

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow...

6.8CVSS7.8AI score0.90912EPSS

CVE•added 2007/09/27 8:17 p.m.•131 views

CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-373...

6.8CVSS8.4AI score0.7059EPSS

CVE•added 2012/05/14 10:55 p.m.•108 views

CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8CVSS8.7AI score0.12291EPSS

CVE•added 2014/08/13 11:55 p.m.•101 views

CVE-2014-3509

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly hav...

6.8CVSS6.4AI score0.1518EPSS

CVE•added 2015/07/09 7:17 p.m.•84 views

CVE-2015-1793

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigge...

6.5CVSS6.1AI score0.85556EPSS

CVE•added 2010/06/03 2:30 p.m.•68 views

CVE-2010-1633

RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive inform...

6.4CVSS8.2AI score0.00501EPSS