Lucene search

9 matches found

CVE
added 2024/04/25 7:15 a.m. | 6430 views

CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

CVSS 5.9 | AI score 6.3 | EPSS 0.00539
CVE
added 2024/11/13 11:15 a.m. | 3357 views

CVE-2024-4741

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. Howeve...

CVSS 7.5 | AI score 7.7 | EPSS 0.00107
CVE
added 2024/05/16 4:15 p.m. | 767 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being che...

CVSS 5.3 | AI score 6.3 | EPSS 0.00067
CVE
added 2024/06/27 11:15 a.m. | 717 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a ...

CVSS 9.1 | AI score 7.8 | EPSS 0.04721
CVE
added 2024/01/26 9:15 a.m. | 543 views

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and...

CVSS 5.5 | AI score 5.8 | EPSS 0.00314
CVE
added 2024/04/08 2:15 p.m. | 495 views

CVE-2024-2511

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1....

CVSS 5.9 | AI score 6.1 | EPSS 0.02023
CVE
added 2024/10/16 5:15 p.m. | 394 views

CVE-2024-9143

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, howeve...

CVSS 4.3 | AI score 4.9 | EPSS 0.00652
CVE
added 2024/09/03 4:15 p.m. | 335 views

CVE-2024-6119

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of ser...

CVSS 7.5 | AI score 6.5 | EPSS 0.00672
CVE
added 2024/01/09 5:15 p.m. | 235 views

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algori...

CVSS 6.5 | AI score 6.8 | EPSS 0.01579