from 0, < 1.0.1g-1
from 0, < 1.0.1e-2+deb7u5
CRITICAL9.8Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.
from 0
CRITICAL9.8Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platfor…
from 0, < 3.0.19-1~deb12u2
CRITICAL9.8X.509 Email Address 4-byte Buffer Overflow
from 0, < 3.0.7-1
CRITICAL9.8Heap memory corruption with RSA private key operation
from 0, < 3.0.4-2
CRITICAL9.8SM2 Decryption Buffer Overflow
from 0, < 1.1.1k-1+deb11u1
CRITICAL9.8SM2 Decryption Buffer Overflow
from 0, < 1.1.1d-0+deb10u7
CRITICAL9.8Apache Tomcat affected by vulnerability in TLS and SSL protocol
from 0, < 0.9.8k-6
CRITICAL9.8Apache Tomcat affected by vulnerability in TLS and SSL protocol
from 0, < 0.9.8g-15+lenny11
CRITICAL9.8Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of…
from 0, < 1.0.2i-1
CRITICAL9.8The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote att…
from 0, < 1.0.2i-1
CRITICAL9.8openssl - security update
from 0, < 1.0.1t-1+deb7u1
CRITICAL9.8openssl - security update
from 0, < 1.0.2i-1
CRITICAL9.8openssl - security update
from 0, < 1.0.1t-1+deb8u4
CRITICAL9.8The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a deni…
from 0, < 1.0.2c-1
CRITICAL9.8The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memo…
from 0, < 1.0.2g-1
CRITICAL9.8The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, wh…
from 0, < 1.0.2g-1
CRITICAL9.8Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g…
from 0, < 1.0.2g-1
CRITICAL9.8Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
from 0, < 0.9.7c
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…
from 0
CRITICAL9.1Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or…
from 0, < 1.1.1w-0+deb11u2
CRITICAL9.1X.509 Name Constraints Read Buffer Overflow
from 0, < 3.0.8-1
HIGH8.8openssl - security update
from 0, < 3.0.18-1~deb12u2
HIGH8.8openssl - security update
from 0, < 3.0.18-1~deb12u2
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…
from 0
HIGH8.1Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE…
from 0
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…
from 0
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…
from 0
HIGH7.5Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL de…
from 0
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…
from 0
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…
from 0, < 3.5.6-1~deb13u2
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…
from 0, < 3.5.6-1~deb13u2
HIGH7.5Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memor…
from 0, < 3.0.19-1~deb12u2
HIGH7.5Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happe…
from 0
HIGH7.5Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
from 0
HIGH7.5Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the r…
from 0
HIGH7.5Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds…
from 0, < 3.6.2-1
HIGH7.5Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.
from 0, < 1.1.1w-0+deb11u5
HIGH7.5Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accesse…
from 0, < 1.1.1w-0+deb11u5
HIGH7.5openssl - security update
from 0, < 1.1.1w-0+deb11u4
HIGH7.5openssl - security update
from 0, < 1.1.1w-0+deb11u4
HIGH7.5openssl - security update
from 0, < 3.0.17-1~deb12u3
HIGH7.5Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situatio…
from 0, < 1.1.1w-0+deb11u2
HIGH7.5openssl - security update
from 0, < 3.0.14-1~deb12u2
HIGH7.5openssl - security update
from 0, < 3.0.14-1~deb12u2
HIGH7.5openssl - security update
from 0, < 3.0.11-1~deb12u2
HIGH7.5openssl - security update
from 0, < 3.0.11-1~deb12u2
HIGH7.5openssl - security update
from 0, < 1.1.1n-0+deb11u5
HIGH7.5openssl - security update
from 0, < 1.1.1n-0+deb11u5
HIGH7.5openssl - security update
from 0, < 1.1.1n-0+deb10u5
HIGH7.5Use-after-free following `BIO_new_NDEF`
from 0, < 1.1.1n-0+deb11u4
HIGH7.5Invalid pointer dereference in `d2i_PKCS7` functions
from 0, < 3.0.8-1
HIGH7.5Double free after calling `PEM_read_bio_ex`
from 0, < 1.1.1n-0+deb11u4
HIGH7.5`NULL` dereference validating DSA public key
from 0, < 3.0.8-1
HIGH7.5`NULL` dereference during PKCS7 data verification
from 0, < 3.0.8-1
HIGH7.5Denial of service by double-checked locking in openssl-src
from 0, < 3.0.7-2
HIGH7.5X.509 Email Address Variable Length Buffer Overflow
from 0, < 3.0.7-1
HIGH7.5Using a Custom Cipher with `NID_undef` may lead to NULL encryption
from 0, < 3.0.7-1
HIGH7.5AES OCB fails to encrypt some bytes
from 0, < 1.1.1n-0+deb10u4
HIGH7.5AES OCB fails to encrypt some bytes
from 0, < 1.1.1n-0+deb11u4
HIGH7.5AES OCB fails to encrypt some bytes
from 0, < 1.1.1n-0+deb11u4
HIGH7.5Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
from 0, < 1.1.1k-1+deb11u2
HIGH7.5Integer overflow in CipherUpdate
from 0, < 1.1.0l-1~deb9u3
HIGH7.5Integer overflow in CipherUpdate
from 0, < 1.1.1j-1
HIGH7.5Crash causing Denial of Service attack
from 0, < 1.1.1g-1
HIGH7.5Crash causing Denial of Service attack
from 0, < 1.1.1d-0+deb10u3
HIGH7.5openssl1.0 - security update
from 0, < 1.0.1t-1+deb8u9
HIGH7.5openssl1.0 - security update
from 0, < 1.1.1-1
HIGH7.5openssl1.0 - security update
from 0, < 1.1.0j-1~deb9u1
HIGH7.5A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined process…
from 0, < 1.0.2j-1
HIGH7.5During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa)…
from 0, < 1.1.0e-1
HIGH7.5If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that ser…
from 0, < 1.1.0d-1
HIGH7.5In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the c…
from 0, < 1.1.0d-1
HIGH7.5In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger…
from 0, < 1.1.0c-1
HIGH7.5In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference.
from 0, < 1.1.0c-1
HIGH7.5crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application cra…
from 0, < 1.0.2j-1
HIGH7.5Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a…
from 0, < 1.0.2i-1
HIGH7.5The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket len…
from 0, < 1.0.2i-1
HIGH7.5The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a…
from 0, < 1.0.2i-1
HIGH7.5The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-orde…
from 0, < 1.0.2i-1
HIGH7.5The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in Open…
from 0, < 1.0.2i-1
HIGH7.5The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h a…
from 0, < 1.0.2h-1
HIGH7.5Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote a…
from 0, < 1.0.2h-1
HIGH7.5openssl - security update
from 0, < 1.0.2h-1
HIGH7.5openssl - security update
from 0, < 1.0.1e-2+deb7u21
HIGH7.5openssl - security update
from 0, < 1.0.1k-3+deb8u5
HIGH7.5crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it ea…
from 0, < 0.9.6-1
HIGH7.5Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to c…
from 0, < 1.0.2g-1
HIGH7.5Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap…
from 0, < 1.0.2g-1
HIGH7.5openssl - security update
from 0, < 1.0.1e-2+deb7u18
HIGH7.5openssl - security update
from 0, < 1.0.2e-1
HIGH7.5The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by t…
from 0, < 1.0.2e-1
HIGH7.5The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before…
from 0, < 1.0.2b-1
HIGH7.5OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable…
from 0, < 0.9.8g-9
HIGH7.5The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorith…
from 0, < 0.9.8-1
HIGH7.5openssl - several vulnerabilities
from 0, < 0.9.7d-1
HIGH7.5openssl - several vulnerabilities
from 0, < 0.9.6c-2.woody.6
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…
from 0, < 3.5.6-1~deb13u2
HIGH7.4Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name c…
from 0, < 1.1.1w-0+deb11u5
HIGH7.4X.400 address type confusion in X.509 `GeneralName`
from 0, < 1.1.1n-0+deb11u4
HIGH7.4Read buffer overruns processing ASN.1 strings
from 0, < 1.1.1k-1+deb11u1
HIGH7.4Read buffer overruns processing ASN.1 strings
from 0, < 1.1.0l-1~deb9u4
HIGH7.4CA certificate check bypass with X509_V_FLAG_X509_STRICT
from 0, < 1.1.1k-1
HIGH7.4openssl - security update
from 0, < 1.1.1c-1
HIGH7.4openssl - security update
from 0, < 1.1.0k-1~deb9u1
HIGH7.4OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, wh…
from 0, < 1.0.1h-1
HIGH7.3openssl - security update
from 0, < 1.1.1n-0+deb11u3
HIGH7.3openssl - security update
from 0, < 1.1.1n-0+deb10u3
HIGH7.3openssl - security update
from 0, < 1.1.1n-0+deb10u2
HIGH7.3openssl - security update
from 0, < 1.1.0l-1~deb9u6
HIGH7.3openssl - security update
from 0, < 1.1.1n-0+deb11u2
MEDIUM6.5Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group config…
from 0, < 3.5.5-1~deb13u2
MEDIUM6.5Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implement…
from 0, < 3.5.1-1+deb13u1
MEDIUM6.5Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.
from 0, < 3.5.0-2
MEDIUM6.5Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applic…
from 0, < 3.0.13-1~deb12u1
MEDIUM6.5Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.
from 0, < 1.1.1n-0+deb11u5
MEDIUM6.5openssl1.0 - security update
from 0, < 1.0.1t-1+deb7u4
MEDIUM6.5openssl1.0 - security update
from 0, < 1.1.0h-1
MEDIUM6.5openssl1.0 - security update
from 0, < 1.0.1t-1+deb8u8
MEDIUM6.5There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g.
from 0, < 1.1.0g-1
MEDIUM6.5The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic…
from 0, < 1.0.2d-1
MEDIUM6.3Vulnerable OpenSSL included in cryptography wheels
from 0, < 3.4.1-1
MEDIUM6.1Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer o…
from 0, < 3.5.4-1~deb13u2
MEDIUM5.9Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.
from 0
MEDIUM5.9Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…
from 0
MEDIUM5.9Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without che…
from 0, < 3.5.4-1~deb13u2
MEDIUM5.9Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite…
from 0, < 3.5.4-1~deb13u2
MEDIUM5.9Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment v…
from 0, < 3.0.17-1~deb12u3
MEDIUM5.9Issue summary: Checking excessively long invalid RSA public keys may take a long time.
from 0, < 3.0.13-1~deb12u1
MEDIUM5.9Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary…
from 0, < 1.1.1w-0+deb11u2
MEDIUM5.9Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the inp…
from 0, < 3.0.9-1
MEDIUM5.9Timing Oracle in RSA Decryption
from 0, < 1.1.1n-0+deb11u4
MEDIUM5.9openssl - security update
from 0, < 1.1.1d-0+deb10u8
MEDIUM5.9openssl - security update
from 0, < 1.1.1k-1+deb11u2
MEDIUM5.9NULL pointer deref in signature_algorithms processing
from 0, < 1.1.1d-0+deb10u6
MEDIUM5.9NULL pointer deref in signature_algorithms processing
from 0, < 1.1.1k-1
MEDIUM5.9Null pointer deref in `X509_issuer_and_serial_hash()`
from 0, < 1.1.1j-1
MEDIUM5.9EDIPARTYNAME NULL pointer dereference
from 0, < 1.1.1i-1
MEDIUM5.9EDIPARTYNAME NULL pointer dereference
from 0, < 1.1.1d-0+deb10u4
MEDIUM5.9EDIPARTYNAME NULL pointer dereference
from 0, < 1.1.0l-1~deb9u2
MEDIUM5.9openssl1.0 - security update
from 0, < 1.1.0b-2
MEDIUM5.9openssl1.0 - security update
from 0, < 1.0.1t-1+deb8u11
MEDIUM5.9The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
from 0, < 1.1.1a-1
MEDIUM5.9openssl - security update
from 0, < 1.1.1a-1
MEDIUM5.9openssl - security update
from 0, < 1.0.1t-1+deb8u10
MEDIUM5.9The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.
from 0, < 1.1.0h-3
MEDIUM5.9Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of e…
from 0, < 1.1.0h-1
MEDIUM5.9There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.
from 0, < 1.1.0h-1
MEDIUM5.9openssl1.0 - security update
from 0, < 1.1.0b-2
MEDIUM5.9There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c tha…
from 0, < 1.1.0c-1
MEDIUM5.9There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d.
from 0, < 1.1.0d-1
MEDIUM5.9The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-b…
from 0, < 1.0.2i-1
MEDIUM5.9The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding che…
from 0, < 1.0.2h-1
MEDIUM5.9An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.…
from 0, < 1.0.0c-2
MEDIUM5.9The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.…
from 0, < 1.0.0c-2
MEDIUM5.9The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify m…
from 0, < 1.0.0c-2
MEDIUM5.9openssl - security update
from 0, < 0.9.8o-4squeeze23
MEDIUM5.9openssl - security update
from 0, < 1.0.0c-2
MEDIUM5.9icedove - security update
from 0, < 1.0.1f-1
MEDIUM5.9icedove - security update
from 0, < 1.0.1e-2+deb7u19
MEDIUM5.5Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.
from 0, < 1.1.1w-0+deb11u5
MEDIUM5.5Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and report…
from 0, < 3.5.4-1~deb13u2
MEDIUM5.5Null pointer dereference in PKCS12 parsing
from 0, < 1.1.1w-0+deb11u2
MEDIUM5.5openssl - security update
from 0, < 1.0.2a-1
MEDIUM5.5openssl - security update
from 0, < 1.0.1t-1+deb8u6
MEDIUM5.5openssl - security update
from 0, < 1.0.1t-1+deb7u2
MEDIUM5.5The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations…
from 0, < 1.0.2i-1
MEDIUM5.3Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CM…
from 0, < 3.5.6-1~deb13u2
MEDIUM5.3Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is…
from 0, < 1.1.1w-0+deb11u5
MEDIUM5.3OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of…
from 0
MEDIUM5.3Issue summary: Checking excessively long DSA keys or parameters may be very slow.
from 0, < 3.0.14-1~deb12u1
MEDIUM5.3openssl - regression update
from 0, < 1.1.1w-0+deb11u2
MEDIUM5.3openssl - regression update
from 0, < 1.1.1n-0+deb11u6
MEDIUM5.3openssl - regression update
from 0, < 1.1.1w-0+deb11u2
MEDIUM5.3Issue summary: Checking excessively long DH keys or parameters may be very slow.
from 0, < 1.1.1v-0~deb11u1
MEDIUM5.3openssl - security update
from 0, < 1.1.1n-0+deb10u6
MEDIUM5.3openssl - security update
from 0, < 1.1.1v-0~deb11u1
MEDIUM5.3Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenti…
from 0, < 3.0.10-1~deb12u1
MEDIUM5.3The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verific…
from 0, < 1.1.1n-0+deb11u5
MEDIUM5.3Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent cer…
from 0, < 1.1.1n-0+deb11u5
MEDIUM5.3openssl - security update
from 0, < 1.1.0l-1~deb9u5
MEDIUM5.3openssl - security update
from 0, < 1.1.1d-0+deb10u5
MEDIUM5.3openssl - security update
from 0, < 1.1.1e-1
MEDIUM5.3OpenSSL 1.1.1 introduced a rewritten random number generator (RNG).
from 0, < 1.1.1d-1
MEDIUM5.3openssl - security update
from 0, < 1.0.1t-1+deb8u7
MEDIUM5.3openssl - security update
from 0, < 1.1.0g-1
MEDIUM5.3openssl - security update
from 0, < 1.0.1t-1+deb7u3
MEDIUM5.3openssl - security update
from 0, < 1.0.2e-1
MEDIUM5.3openssl - security update
from 0, < 0.9.8o-4squeeze22
MEDIUM5.1openssl - security update
from 0, < 1.0.2g-1
MEDIUM5.1openssl - security update
from 0, < 1.0.1e-2+deb7u20
MEDIUM5.0Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, trig…
from 0
MEDIUM4.8Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authent…
from 0
MEDIUM4.7openssl - security update
from 0, < 1.1.1w-0+deb11u5
MEDIUM4.7openssl - security update
from 0, < 1.1.1w-0+deb11u5
MEDIUM4.7openssl1.0 - security update
from 0, < 1.0.1t-1+deb8u12
MEDIUM4.7openssl1.0 - security update
from 0, < 1.1.1d-1
MEDIUM4.7openssl1.0 - security update
from 0, < 1.1.0l-1~deb9u1
MEDIUM4.7Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…
from 0, < 1.1.1~~pre9-1
MEDIUM4.3Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-…
from 0, < 1.1.1w-0+deb11u2
MEDIUM4.1openssl - security update
from 0, < 1.1.1w-0+deb11u3
MEDIUM4.1openssl - security update
from 0, < 1.1.1w-0+deb11u3
MEDIUM4.0Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is no…
from 0, < 1.1.1w-0+deb11u5
LOW3.7Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provid…
from 0, < 3.5.6-1~deb13u2
LOW3.7Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
from 0
LOW3.7OpenSSL 1.0.2 supports SSLv2.
from 0, < 1.0.0d-1
LOW3.7openssl1.0 - security update
from 0, < 1.1.0c-1
LOW3.7In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sendin…
from 0, < 1.1.1d-1
LOW3.7The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for…
from 0, < 1.0.2f-2
LOW3.7nss - security update
from 0, < 1.0.2b-1
LOW3.4lighttpd - security update
from 0, < 1.0.1j-1
—ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes t…
from 0, < 1.0.2d-1
—The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segm…
from 0, < 1.0.2e-1
—The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1…
from 0, < 1.0.2b-1
—Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.…
from 0, < 1.0.2b-1
—The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 befo…
from 0, < 1.0.2b-1
—The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.…
from 0, < 1.0.2b-1
—openssl - security update
from 0, < 1.0.1h-1
—openssl - security update
from 0, < 0.9.8o-4squeeze21
—openssl - security update
from 0, < 1.0.1e-2+deb7u17
—The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attacke…
from 0, < 1.0.0c-2
—Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za,…
from 0, < 1.0.1h-1
—The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly ha…
from 0, < 1.0.1k-2
—The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 befo…
from 0, < 1.0.1k-2
—The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 befo…
from 0, < 1.0.1k-2
—The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.…
from 0, < 1.0.1k-2
—openssl - security update
from 0, < 1.0.1k-2
—openssl - security update
from 0, < 0.9.8o-4squeeze20
—openssl - security update
from 0, < 1.0.1e-2+deb7u15
—Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers…
from 0, < 1.0.1k-1
—The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a…
from 0, < 1.0.1k-1
—The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL s…
from 0, < 1.0.1k-1
—OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows…
from 0, < 1.0.1k-1
—The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL s…
from 0, < 1.0.1k-1
—OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer der…
from 0, < 1.0.1k-1
—openssl - security update
from 0, < 0.9.8o-4squeeze19
—openssl - security update
from 0, < 1.0.1k-1
—openssl - security update
from 0, < 1.0.1e-2+deb7u14
—openssl - security update
from 0, < 1.0.1k-1
—OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remot…
from 0, < 1.0.1j-1
—openssl - security update
from 0, < 1.0.1j-1
—openssl - security update
from 0, < 0.9.8o-4squeeze18
—openssl - security update
from 0, < 1.0.1e-2+deb7u13
—openssl - security update
from 0, < 1.0.1j-1
—The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NUL…
from 0, < 1.0.1i-1
—Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause…
from 0, < 1.0.1i-1
—The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS…
from 0, < 1.0.1i-1
—The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allow…
from 0, < 1.0.1i-1
—Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multit…
from 0, < 1.0.1i-1
—The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pr…
from 0, < 1.0.1i-1
—Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows re…
from 0, < 1.0.1i-1
—d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers…
from 0, < 1.0.1i-1
—openssl - security update
from 0, < 0.9.8o-4squeeze17
—openssl - security update
from 0, < 1.0.1i-1
—openssl - security update
from 0, < 1.0.1e-2+deb7u12
—The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an an…
from 0, < 1.0.1h-1
—The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote…
from 0, < 1.0.1h-1
—openssl - security update
from 0, < 1.0.1e-2+deb7u10
—openssl - security update
from 0, < 1.0.1h-1
—openssl - security update
from 0, < 1.0.1g-4
—openssl - security update
from 0, < 1.0.1e-2+deb7u9
—openssl - security update
from 0, < 1.0.1g-3
—openssl - security update
from 0, < 1.0.1e-2+deb7u7
—openssl - security update
from 0, < 1.0.1g-1
—openssl - security update
from 0, < 0.9.8o-4squeeze15
—openssl - programming error
from 0, < 1.0.1f-1
—openssl - programming error
from 0, < 1.0.1e-2+deb7u3
—The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures fo…
from 0, < 1.0.1e-5
—openssl - several
from 0, < 1.0.1e-5
—openssl - several
from 0, < 1.0.1e-2+deb7u1
—The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains poin…
from 0, < 1.1.0b-2
—polarssl - several
from 0, < 1.0.1e-1
—openssl - several vulnerabilities
from 0, < 1.0.1e-1
—openssl - several vulnerabilities
from 0, < 0.9.8o-4squeeze14
—crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows r…
from 0, < 1.0.1e-1
—nginx - information leak
from 0, < 0.9.8o-4squeeze16
—nginx - information leak
from 0, < 1.0.1e-5
—The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter,…
from 0, < 0.9.8a-1
—openssl - integer underflow
from 0, < 0.9.8o-4squeeze13
—openssl - integer underflow
from 0, < 1.0.1c-1
—openssl - incomplete fix
from 0, < 0.9.8o-4squeeze12
—The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not pr…
from 0, < 1.0.1a-1
—The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a den…
from 0, < 1.0.0h-1
—The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restr…
from 0, < 1.0.0h-1
—openssl - multiple
from 0, < 0.9.8o-4squeeze11
—openssl - multiple
from 0, < 1.0.0h-1
—crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving…
from 0, < 0.9.8o-4squeeze3
—openssl - out-of-bounds read
from 0, < 1.0.0g-1
—openssl - out-of-bounds read
from 0, < 0.9.8g-15+lenny16
—The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attacke…
from 0, < 1.0.0f-1
—The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restar…
from 0, < 1.0.0h-1
—OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assert…
from 0, < 1.0.0f-1
—The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher pad…
from 0, < 1.0.0f-1
—Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unsp…
from 0, < 1.0.0c-1
—openssl - several
from 0, < 1.0.0f-1
—openssl - several
from 0, < 0.9.8g-15+lenny15
—The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during p…
from 0, < 1.0.0e-1
—crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attac…
from 0, < 1.0.0e-1
—openssl - compromised certificate authority
from 0, < 0.9.8g-15+lenny12
—openssl - compromised certificate authority
from 0, < 1.0.0e-1
—openssl - invalid memory access
from 0, < 0.9.8o-5
—openssl - invalid memory access
from 0, < 0.9.8o-4squeeze1
—OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the ses…
from 0, < 0.9.8k-1
—OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modifica…
from 0, < 0.9.8o-4
—openssl - buffer overflow
from 0, < 0.9.8g-15+lenny9
—openssl - buffer overflow
from 0, < 0.9.8o-3
—openssl - double free
from 0, < 0.9.8o-2
—openssl - double free
from 0, < 0.9.8g-15+lenny8
—The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not prop…
from 0, < 1.0.0e-1
—The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash)…
from 0, < 0.9.8n-1
—OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2…
from 0, < 0.9.8m-1
—OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for cer…
from 0
—openssl - denial of service
from 0, < 0.9.8g-15+lenny6
—openssl - denial of service
from 0, < 0.9.8k-8
—gnutls13 gnutls26 - SSL certificate
from 0, < 0.9.8c-4etch9
—gnutls13 gnutls26 - SSL certificate
from 0, < 0.9.8k-4
—The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of…
from 0, < 0.9.8k-2
—ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via…
from 0, < 0.9.8k-1
—Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attack…
from 0, < 0.9.8k-1
—Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow…
from 0, < 0.9.8k-1
—The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of…
from 0, < 0.9.8k-1
—openssl openssl097 - denial of service
from 0, < 0.9.8c-4etch5
—openssl openssl097 - denial of service
from 0, < 0.9.8g-16
—OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to…
from 0, < 0.9.8-1
—openssl openssl097 - cryptographic weakness
from 0, < 0.9.8c-4etch4
—openssl openssl097 - cryptographic weakness
from 0, < 0.9.8g-15
—OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchan…
from 0, < 0.9.8g-10.1
—openssl - multiple vulnerabilities
from 0, < 0.9.8g-10.1
—openssl - multiple vulnerabilities
from 0, < 0.9.8g-10+lenny1
—Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecifie…
from 0, < 0.9.8f-1
—openssl - arbitrary code execution
from 0, < 0.9.7e-3sarge5
—openssl - arbitrary code execution
from 0, < 0.9.8e-9
—openssl - predictable random number generator
from 0, < 0.9.8c-4etch3
—openssl - predictable random number generator
from 0, < 0.9.8e-6
—openssl
from 0, < 0.9.7e-3sarge4
—openssl
from 0, < 0.9.8c-2
—openssl096
from 0, < 0.9.8c-2
—Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspec…
from 0, < 0.9.8c-2
—The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows rem…
from 0, < 0.9.8c-2
—openssl096 - cryptographic weakness
from 0, < 0.9.8b-3
—openssl096 - cryptographic weakness
from 0, < 0.9.7e-3sarge2
—openssl - cryptographic weakness
from 0, < 0.9.8-3
—openssl - cryptographic weakness
from 0, < 0.9.6c-2.woody.8
—openssl - insecure temporary file
from 0, < 0.9.7e-3
—openssl - insecure temporary file
from 0, < 0.9.6c-2.woody.7
—OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (inf…
from 0, < 0.9.6d-1
—The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…
from 0, < 0.9.7d-1
—OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a…
from 0, < 0.9.7c
—openssl095 - ASN.1 parsing vulnerability
from 0, < 0.9.6c-2.woody.4
—OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to c…
from 0, < 0.9.6g-1
—openssl095 - ASN.1 parsing vulnerability
from 0, < 0.9.7c
—OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining fac…
from 0, < 0.9.7b-1
—openssl - several vulnerabilities
from 0, < 0.9.6c-2.woody.3
—openssl - several vulnerabilities
from 0, < 0.9.7b-1
—openssl - information leak
from 0, < 0.9.7a-1
—openssl - information leak
from 0, < 0.9.6c-2.woody.2
—openssl - multiple remote exploits
from 0, < 0.9.6c-2.woody.0
—openssl - multiple remote exploits
from 0, < 0.9.6e-1
—Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master ke…
from 0, < 0.9.6e-1
—Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a lar…
from 0, < 0.9.6e-1
—openssl - multiple remote exploits
from 0, < 0.9.6c-2.woody.1
—The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via inval…
from 0, < 0.9.6e-1
—openssl - multiple remote exploits
from 0, < 0.9.6c-2.woody.1