openssl

280 tracked vulnerabilities.

CVE-2024-13176 MEDIUM
ECDSA Signature Computation - Timing Side-Channel
Jan 20, 2025
CVSS 4.1
EPSS 0.00
CVE-2024-4741 HIGH
OpenSSL 3.3.0-3.3.1, 3.2.0-3.2.2, 3.1.0-3.1.6, 3.0.0-3.0.14, 1.1.1-1.1.1y - Use-After-Free in SSL_free_buffers
Nov 13, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-9143 MEDIUM
Low-level EC APIs - Memory Corruption
Oct 16, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-6119 HIGH
OpenSSL 3.0.0-3.0.14, 3.2.0-3.2.2, 3.3.0-3.3.1 - Denial of Service via Invalid Memory Access in Certificate Name Check
Sep 03, 2024
CVSS 7.5
EPSS 0.15
CVE-2024-5535 CRITICAL
OpenSSL 1.0.2-1.0.2zk, 1.1.1-1.1.1za, 3.0.0-3.0.14, 3.1.0-3.1.6, 3.2.0-3.2.2, 3.3.0-3.3.1 - Out-of-bounds Read
Jun 27, 2024
CVSS 9.1
EPSS 0.07
CVE-2024-4603 MEDIUM
OpenSSL 3.0.0-3.0.13, 3.1.0-3.1.5, 3.2.0-3.2.1, 3.3.0 - Denial of Service via DSA Key Parameter Check
May 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-2511 MEDIUM
OpenSSL 3.2.0-3.2.1, 3.1.0-3.1.5, 3.0.0-3.0.13, 1.1.1-1.1.1x - Denial of Service via TLSv1.3 Session Cache
Apr 08, 2024
CVSS 5.9
EPSS 0.09
CVE-2024-0727 MEDIUM
OpenSSL 1.0.2-1.0.2zj, 1.1.1-1.1.1w, 3.0.0-3.0.12, 3.1.0-3.1.4, 3.2.0 - DoS via PKCS12 NULL Pointer Dereference
Jan 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-6237 MEDIUM
OpenSSL 3.0.0-3.0.12, 3.1.0-3.1.4, 3.2.0 - Denial of Service via RSA Public Key Validation
Apr 25, 2024
CVSS 5.9
EPSS 0.01
CVE-2023-6129 MEDIUM
OpenSSL - PowerPC CPU - Memory Corruption
Jan 09, 2024
CVSS 6.5
EPSS 0.03
CVE-2023-5678 MEDIUM
OpenSSL 1.0.2-1.0.2zj, 1.1.1-1.1.1x, 3.0.0-3.0.13, 3.1.0-3.1.5 - DoS via Excessive X9.42 DH Key Length
Nov 06, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-5363 HIGH
OpenSSL 3.0.0-3.0.11 and 3.1.0-3.1.3 - Loss of Confidentiality via IV Truncation in Symmetric Cipher Initialization
Oct 25, 2023
CVSS 7.5
EPSS 0.06
CVE-2023-4807 HIGH
OpenSSL 1.1.1-1.1.1w - Denial of Service via POLY1305 MAC State Corruption on Windows 64
Sep 08, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-3817 MEDIUM
OpenSSL 3.0.0-3.0.9 - Denial of Service via DH Parameter Check
Jul 31, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-3446 MEDIUM
OpenSSL - Denial of Service via DH Parameter Check
Jul 19, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-2975 MEDIUM
OpenSSL 3.0.0-3.0.8 - Improper Authentication in AES-SIV Cipher
Jul 14, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-2650 MEDIUM
OpenSSL - Denial of Service via ASN.1 Object Identifier Processing
May 30, 2023
CVSS 6.5
EPSS 0.92
CVE-2023-1255 MEDIUM
OpenSSL 3.0.0-3.0.8 - Denial of Service via AES-XTS Cipher Decryption Buffer Overread
Apr 20, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-0466 MEDIUM
OpenSSL 1.0.2-1.0.2zh - Improper Certificate Validation via X509_VERIFY_PARAM_add0_policy
Mar 28, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-0465 MEDIUM
OpenSSL 1.0.2-1.0.2zh - Improper Certificate Validation via Policy Processing
Mar 28, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-0464 HIGH
OpenSSL 1.0.2-1.0.2zh - Denial of Service via Malicious X.509 Certificate Chain with Policy Constraints
Mar 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-0401 HIGH
OpenSSL 3.0.0-3.0.6 - NULL Pointer Dereference in PKCS7 Signature Verification
Feb 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-0286 HIGH
OpenSSL 1.0.2-1.0.2zg - Type Confusion in X.400 Address Processing
Feb 08, 2023
CVSS 7.4
EPSS 0.88
CVE-2023-0217 HIGH
OpenSSL 3.0.0-3.0.6 - Denial of Service via Malformed DSA Public Key Check
Feb 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-0216 HIGH
OpenSSL 3.0.0-3.0.6 - Denial of Service via Malformed PKCS7 Data
Feb 08, 2023
CVSS 7.5
EPSS 0.01
Products
openssl 267 OpenSSL 46 fips_object_module 1
Quick Filters
Critical CVEs With Exploits In CISA KEV