Openssl Security Vulnerabilities (CVEs)

This CVE describes a type confusion vulnerability in OpenSSL's PKCS#12 parsing code where an invalid or NULL pointer dereference occurs when processin...

A type confusion vulnerability in OpenSSL's PKCS#7 signature verification allows attackers to cause denial of service by providing malformed signed PK...

This OpenSSL vulnerability allows memory corruption via a malicious PKCS#12 file containing non-ASCII BMP characters in the friendly name field. When ...

A type confusion vulnerability in OpenSSL's TimeStamp Response verification allows attackers to cause denial of service by providing malformed timesta...

A NULL pointer dereference vulnerability in OpenSSL's PKCS12_item_decrypt_d2i_ex() function allows attackers to cause denial of service by providing m...

This vulnerability in OpenSSL's low-level OCB API exposes the last 1-15 bytes of a message in cleartext and unauthenticated when using hardware-accele...

A TLS 1.3 vulnerability in OpenSSL allows attackers to force large memory allocations (up to 22 MiB per connection) via certificate compression, poten...

This vulnerability in OpenSSL's line-buffering BIO filter allows heap-based out-of-bounds writes when processing large, newline-free data with short w...

This vulnerability in OpenSSL allows attackers to cause denial of service or potentially execute arbitrary code by crafting malicious PKCS#12 files th...

A NULL pointer dereference vulnerability in OpenSSL's SSL_CIPHER_find() function when used with QUIC protocol allows denial of service attacks. Applic...

The OpenSSL 'dgst' command-line tool silently truncates files larger than 16MB when using one-shot signing algorithms (Ed25519, Ed448, ML-DSA variants...

A copy-paste error in OpenSSL 3.5 causes the '-addreject' option in the openssl x509 command to incorrectly mark certificates as trusted for specific ...

A bug in OpenSSL's POLY1305 MAC implementation on Windows 64-bit systems with AVX512-IFMA capable processors can corrupt application state by zeroing ...

This vulnerability allows malicious Certificate Authorities to bypass certificate policy checks by including invalid policies in leaf certificates. Wh...

This OpenSSL vulnerability allows attackers to cause denial-of-service by exploiting certificate policy constraint processing. When enabled, malicious...

This CVE describes a NULL pointer dereference vulnerability in OpenSSL's PKCS7 parsing functions (d2i_PKCS7, d2i_PKCS7_bio, d2i_PKCS7_fp). When applic...

CVE-2023-0286 is a type confusion vulnerability in OpenSSL's X.400 address processing that can cause memory corruption when CRL checking is enabled. A...

A double-free vulnerability in OpenSSL's PEM parsing functions allows attackers to cause denial of service through specially crafted PEM files. The vu...

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...

A memory leak vulnerability in OpenSSL's OPENSSL_LH_flush() function causes unbounded memory growth when processing certificates or keys. This affects...

CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted ce...

This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination...