| CVE-2023-5363 |
AVG-2848 |
Medium |
Yes |
Incorrect calculation |
A bug has been identified in OpenSSL <= 3.1.3, in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or... |
| CVE-2022-1292 |
AVG-2702 |
Medium |
Unknown |
Unknown |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a... |
| CVE-2021-23841 |
AVG-1581 |
Medium |
Yes |
Denial of service |
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained... |
| CVE-2021-23840 |
AVG-1581 |
Low |
Yes |
Incorrect calculation |
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
| CVE-2021-4044 |
AVG-2641 |
Medium |
Yes |
Denial of service |
A security issue has been found in OpenSSL 3.0.0. Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied... |
| CVE-2021-3712 |
AVG-2315 |
Medium |
Yes |
Information disclosure |
A security issue has been found in OpenSSL before version 1.1.1l. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which... |
| CVE-2021-3711 |
AVG-2315 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in OpenSSL 1.1.1 before version 1.1.1l. In order to decrypt SM2 encrypted data an application is expected to call the API... |
| CVE-2021-3450 |
AVG-1736 |
High |
Yes |
Certificate verification bypass |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting... |
| CVE-2021-3449 |
AVG-1736 |
High |
Yes |
Denial of service |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits... |
| CVE-2020-1971 |
AVG-1335 |
High |
Yes |
Denial of service |
A denial of service security issue was discovered in OpenSSL before 1.1.1i. The X.509 GeneralName type is a generic type for representing different types of... |
| CVE-2020-1967 |
AVG-1139 |
High |
Yes |
Denial of service |
A NULL pointer dereference has been found in OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f. Server or client applications that call the SSL_check_chain()... |
| CVE-2019-1543 |
AVG-919 |
Low |
Yes |
Information disclosure |
An issue has been found in OpenSSL <= 1.1.1b, where an application using ChaCha20-Poly1305 could set a non-default nonce length to be longer than 12 bytes... |
| CVE-2018-0739 |
AVG-540 |
Medium |
No |
Denial of service |
A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)... |
| CVE-2018-0737 |
AVG-674 |
Low |
No |
Private key recovery |
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access... |
| CVE-2018-0735 |
AVG-792 |
Low |
Yes |
Private key recovery |
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could... |
| CVE-2018-0734 |
AVG-792 |
Low |
Yes |
Private key recovery |
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side... |
| CVE-2018-0732 |
AVG-674 |
Low |
Yes |
Denial of service |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause... |
| CVE-2017-3738 |
AVG-540 |
Medium |
Yes |
Private key recovery |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected.... |
| CVE-2017-3737 |
AVG-548 |
Medium |
Yes |
Information disclosure |
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then... |
| CVE-2017-3736 |
AVG-477 |
Medium |
Yes |
Information disclosure |
A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests... |
| CVE-2017-3735 |
AVG-477 |
Low |
Yes |
Denial of service |
A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer... |
| CVE-2017-3732 |
AVG-154 |
Low |
No |
Information disclosure |
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and... |
| CVE-2017-3731 |
AVG-154 |
Medium |
Yes |
Denial of service |
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to... |
| CVE-2016-7056 |
AVG-140 |
Medium |
No |
Private key recovery |
The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized... |
| CVE-2016-7055 |
AVG-154 |
Low |
Yes |
Incorrect calculation |
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256... |
| CVE-2016-7055 |
AVG-67 |
Low |
Yes |
Incorrect calculation |
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256... |
| CVE-2016-7054 |
AVG-143 |
High |
Yes |
Denial of service |
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads. |
| CVE-2016-7053 |
AVG-143 |
Medium |
Yes |
Denial of service |
Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in... |
| CVE-2016-7052 |
AVG-33 |
Medium |
Yes |
Denial of service |
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL... |
| CVE-2016-6309 |
AVG-31 |
Critical |
Yes |
Arbitrary code execution |
The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store... |
| CVE-2016-6306 |
AVG-29 |
Low |
Yes |
Denial of service |
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical... |
| CVE-2016-6304 |
AVG-29 |
High |
Yes |
Denial of service |
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP... |
| CVE-2016-6303 |
AVG-29 |
Low |
Yes |
Arbitrary code execution |
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply... |
| CVE-2016-6302 |
AVG-29 |
Low |
Yes |
Denial of service |
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will... |
| CVE-2016-2183 |
AVG-29 |
Medium |
Yes |
Information disclosure |
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES... |
| CVE-2016-2182 |
AVG-29 |
Low |
Yes |
Arbitrary code execution |
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly... |
| CVE-2016-2181 |
AVG-29 |
Low |
Yes |
Denial of service |
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC... |
| CVE-2016-2180 |
AVG-29 |
Low |
Yes |
Denial of service |
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data... |
| CVE-2016-2179 |
AVG-29 |
Low |
Yes |
Denial of service |
In a DTLS connection where handshake messages are delivered out-of- order those messages that OpenSSL is not yet ready to process will be buffered for later... |
| CVE-2016-2178 |
AVG-29 |
High |
Yes |
Private key recovery |
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means... |
| CVE-2016-2177 |
AVG-29 |
Medium |
Yes |
Denial of service |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap- buffer boundary checks, which might allow remote attackers to cause a denial of service... |