openssl

298 tracked vulnerabilities.

CVE-2026-9076 HIGH
Out-of-Bounds Read in CMS Password-Based Decryption
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7383 HIGH
Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Jun 09, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45447 HIGH
Heap Use-After-Free in the PKCS7_verify() Function
Jun 09, 2026
CVSS 8.8
EPSS 0.03
CVE-2026-45446 MEDIUM
Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-45445 HIGH
OpenSSL - AES-OCB IV Ignored on EVP_Cipher() Path
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42771 MEDIUM
Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
Jun 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-42770 LOW
OpenSSL - FFC-DH Peer Validation Uses Attacker-Supplied Q
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-42769 MEDIUM
Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42768 LOW
Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-42767 MEDIUM
OpenSSL - NULL Pointer Dereference in CRMF EncryptedValue Decryption
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-42766 MEDIUM
OpenSSL - Possible NULL Dereference in Password-Based CMS Decryption
Jun 09, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-42765 HIGH
OpenSSL - NULL Dereference in Certificate Verification with OCSP Checking
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42764 HIGH
NULL Pointer Dereference in QUIC Server Initial Packet Handling
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-35188 MEDIUM
OpenSSL - Double-Free When Checking OCSP Stapled Response
Jun 09, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34183 HIGH
Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34182 CRITICAL
CMS AuthEnvelopedData Processing May Accept Forged Messages
Jun 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34181 HIGH
PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Jun 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-34180 HIGH
Heap Buffer Over-read in ASN.1 Content Parsing
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-31790 HIGH
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-31789 CRITICAL
Heap Buffer Overflow in Hexadecimal Conversion
Apr 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28390 HIGH
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28389 HIGH
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28388 HIGH
NULL Pointer Dereference When Processing a Delta CRL
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28387 HIGH
Potential Use-after-free in DANE Client Code
Apr 07, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-28386 HIGH
OpenSSL 3.6.0-3.6.1 - Denial of Service via AES-CFB128 Partial Block Processing
Apr 07, 2026
CVSS 7.5
EPSS 0.00