📦 Openssl
by Openssl
🔍 What is Openssl?
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows attackers to trigger a stack buffer overflow by sending maliciously crafted CMS AuthEnvelopedData messages with oversized IV parameters. Applications and services parsing unt...
This OpenSSL vulnerability allows memory corruption via a malicious PKCS#12 file containing non-ASCII BMP characters in the friendly name field. When PKCS12_get_friendlyname() processes such files, it...
A type confusion vulnerability in OpenSSL's TimeStamp Response verification allows attackers to cause denial of service by providing malformed timestamp responses. Applications that verify timestamp r...
A NULL pointer dereference vulnerability in OpenSSL's PKCS12_item_decrypt_d2i_ex() function allows attackers to cause denial of service by providing malformed PKCS#12 files. This affects applications ...
A bug in OpenSSL's POLY1305 MAC implementation on Windows 64-bit systems with AVX512-IFMA capable processors can corrupt application state by zeroing XMM registers. This affects servers using OpenSSL ...
This OpenSSL vulnerability allows attackers to cause denial-of-service by exploiting certificate policy constraint processing. When enabled, malicious certificate chains can trigger exponential resour...
This CVE describes a NULL pointer dereference vulnerability in OpenSSL's PKCS7 parsing functions (d2i_PKCS7, d2i_PKCS7_bio, d2i_PKCS7_fp). When applications process malformed PKCS7 data using these fu...
CVE-2023-0286 is a type confusion vulnerability in OpenSSL's X.400 address processing that can cause memory corruption when CRL checking is enabled. Attackers can potentially read memory contents or c...
A double-free vulnerability in OpenSSL's PEM parsing functions allows attackers to cause denial of service through specially crafted PEM files. The vulnerability affects applications that parse PEM fi...
CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands with script privileges when the script processes u...
A memory leak vulnerability in OpenSSL's OPENSSL_LH_flush() function causes unbounded memory growth when processing certificates or keys. This affects long-lived processes like TLS clients/servers usi...
CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted certificates or private keys containing invalid elli...
This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination. Exploitation can lead to denial of service or me...
This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...
This CVE describes a type confusion vulnerability in OpenSSL's PKCS#12 parsing code where an invalid or NULL pointer dereference occurs when processing malformed PKCS#12 files. The vulnerability can c...
A type confusion vulnerability in OpenSSL's PKCS#7 signature verification allows attackers to cause denial of service by providing malformed signed PKCS#7 data. Applications that verify PKCS#7 signatu...
This vulnerability in OpenSSL's low-level OCB API exposes the last 1-15 bytes of a message in cleartext and unauthenticated when using hardware-accelerated code paths with non-block-aligned lengths. I...
A TLS 1.3 vulnerability in OpenSSL allows attackers to force large memory allocations (up to 22 MiB per connection) via certificate compression, potentially causing denial of service through resource ...
This vulnerability in OpenSSL's line-buffering BIO filter allows heap-based out-of-bounds writes when processing large, newline-free data with short writes in the BIO chain. It primarily affects third...
This vulnerability in OpenSSL allows attackers to cause denial of service or potentially execute arbitrary code by crafting malicious PKCS#12 files that trigger buffer overflows or NULL pointer derefe...
A NULL pointer dereference vulnerability in OpenSSL's SSL_CIPHER_find() function when used with QUIC protocol allows denial of service attacks. Applications using OpenSSL 3.2+ with QUIC support that c...
The OpenSSL 'dgst' command-line tool silently truncates files larger than 16MB when using one-shot signing algorithms (Ed25519, Ed448, ML-DSA variants), creating an integrity gap where trailing data r...
A copy-paste error in OpenSSL 3.5 causes the '-addreject' option in the openssl x509 command to incorrectly mark certificates as trusted for specific uses instead of rejecting them. This affects users...
This vulnerability allows malicious Certificate Authorities to bypass certificate policy checks by including invalid policies in leaf certificates. When policy checking is enabled (non-default configu...