Openssl Latest High Vulnerabilities

Buffer Overread in SSL_select_next_proto May Lead to Loss of Confidentiality

CVE-2024-5535

OpenSSLOpenSSL9.1CRITICAL

Command Execution Vulnerability in OpenSSL NPM Package by OpenSSL

CVE-2023-49210

Node-OpenSSL ProjectNode-OpenSSL9.8CRITICAL

Incorrect cipher key & IV length processing

CVE-2023-5363

OpenSSLOpenSSL7.5HIGH

POLY1305 MAC implementation corrupts XMM registers on Windows

CVE-2023-4807

OpenSSLOpenSSL7.8HIGH

Excessive Resource Usage Verifying X.509 Policy Constraints

CVE-2023-0464

OpenSSLOpenSSL👾🟡7.5HIGH

NULL dereference validating DSA public key

CVE-2023-0217

OpenSSLOpenSSL7.5HIGH

X.400 address type confusion in X.509 GeneralName

CVE-2023-0286

OpenSSLOpenSSL7.4HIGH

Use-after-free following BIO_new_NDEF

CVE-2023-0215

OpenSSLOpenSSL7.5HIGH

Invalid pointer dereference in d2i_PKCS7 functions

CVE-2023-0216

OpenSSLOpenSSL7.5HIGH

NULL dereference during PKCS7 data verification

CVE-2023-0401

OpenSSLOpenSSL7.5HIGH

Double free after calling PEM_read_bio_ex

CVE-2022-4450

OpenSSLOpenSSL7.5HIGH

X.509 Policy Constraints Double Locking

CVE-2022-3996

OpenSSLOpenSSL7.5HIGH

X.509 Email Address 4-byte Buffer Overflow

CVE-2022-3602

OpenSSLOpenSSL👾🟡EPSS 22%7.5HIGH

X.509 Email Address Variable Length Buffer Overflow

CVE-2022-3786

OpenSSLOpenSSL👾🟡7.5HIGH

Using a Custom Cipher with NID_undef may lead to NULL encryption

CVE-2022-3358

OpenSSLOpenSSL7.5HIGH

RSA implementation bug in AVX512IFMA instructions

CVE-2022-2274

OpenSSLOpenSSL👾🟡9.8CRITICAL

The c_rehash script allows command injection

CVE-2022-2068

OpenSSLOpenSSLEPSS 13%9.8CRITICAL

Resource leakage when decoding certificates and keys

CVE-2022-1473

OpenSSLOpenSSL7.5HIGH

The c_rehash script allows command injection

CVE-2022-1292

OpenSSLOpenSSL👾🟡9.8CRITICAL

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

CVE-2022-0778

OpenSSLOpenSSL👾🟡7.5HIGH

Invalid handling of X509_verify_cert() internal errors in libssl

CVE-2021-4044

OpenSSLOpenSSL7.5HIGH

Read buffer overruns processing ASN.1 strings

CVE-2021-3712

OpenSSLOpenSSL7.4HIGH

SM2 Decryption Buffer Overflow

CVE-2021-3711

OpenSSLOpenSSL9.8CRITICAL

CA certificate check bypass with X509_V_FLAG_X509_STRICT

CVE-2021-3450

OpenSSLOpenSSL7.4HIGH

Integer overflow in CipherUpdate

CVE-2021-23840

OpenSSLOpenSSL👾🟡7.5HIGH

Vulnerability Published:

Sort By:

27 June 2024

Buffer Overread in SSL_select_next_proto May Lead to Loss of Confidentiality

23 November 2023

Command Execution Vulnerability in OpenSSL NPM Package by OpenSSL

25 October 2023

Incorrect cipher key & IV length processing

8 September 2023

POLY1305 MAC implementation corrupts XMM registers on Windows

22 March 2023

Excessive Resource Usage Verifying X.509 Policy Constraints

8 February 2023

NULL dereference validating DSA public key

X.400 address type confusion in X.509 GeneralName

Use-after-free following BIO_new_NDEF

Invalid pointer dereference in d2i_PKCS7 functions

NULL dereference during PKCS7 data verification

Double free after calling PEM_read_bio_ex

13 December 2022

X.509 Policy Constraints Double Locking

1 November 2022

X.509 Email Address 4-byte Buffer Overflow

X.509 Email Address Variable Length Buffer Overflow

11 October 2022

Using a Custom Cipher with NID_undef may lead to NULL encryption

1 July 2022

RSA implementation bug in AVX512IFMA instructions

21 June 2022

The c_rehash script allows command injection

3 May 2022

Resource leakage when decoding certificates and keys

The c_rehash script allows command injection

15 March 2022

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

14 December 2021

Invalid handling of X509_verify_cert() internal errors in libssl

24 August 2021

Read buffer overruns processing ASN.1 strings

SM2 Decryption Buffer Overflow

25 March 2021

CA certificate check bypass with X509_V_FLAG_X509_STRICT

16 February 2021

Integer overflow in CipherUpdate