| Bug | Description |
|---|
| CVE-2023-6237 | openssl: Checking excessively long invalid RSA public keys may take a long time |
| CVE-2023-6129 | Issue summary: The POLY1305 MAC (message authentication code) implemen ... |
| CVE-2023-5363 | Issue summary: A bug has been identified in the processing of key and ... |
| CVE-2023-4807 | Issue summary: The POLY1305 MAC (message authentication code) implemen ... |
| CVE-2023-3817 | Issue summary: Checking excessively long DH keys or parameters may be ... |
| CVE-2023-3446 | Issue summary: Checking excessively long DH keys or parameters may be ... |
| CVE-2023-2975 | Issue summary: The AES-SIV cipher implementation contains a bug that c ... |
| CVE-2023-2650 | Issue summary: Processing some specially crafted ASN.1 object identifi ... |
| CVE-2023-1255 | Issue summary: The AES-XTS cipher decryption implementation for 64 bit ... |
| CVE-2023-0466 | The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ... |
| CVE-2023-0465 | Applications that use a non-default option when verifying certificates ... |
| CVE-2023-0464 | A security vulnerability has been identified in all supported versions ... |
| CVE-2023-0401 | A NULL pointer can be dereferenced when signatures are being verified ... |
| CVE-2023-0286 | There is a type confusion vulnerability relating to X.400 address proc ... |
| CVE-2023-0217 | An invalid pointer dereference on read can be triggered when an applic ... |
| CVE-2023-0216 | An invalid pointer dereference on read can be triggered when an applic ... |
| CVE-2023-0215 | The public API function BIO_new_NDEF is a helper function used for str ... |
| CVE-2022-4450 | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ... |
| CVE-2022-4203 | A read buffer overrun can be triggered in X.509 certificate verificati ... |
| CVE-2022-3996 | If an X.509 certificate contains a malformed policy constraint and pol ... |
| CVE-2022-3786 | A buffer overrun can be triggered in X.509 certificate verification, s ... |
| CVE-2022-3602 | A buffer overrun can be triggered in X.509 certificate verification, s ... |
| CVE-2022-3358 | OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ... |
| CVE-2022-2274 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ... |
| CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ... |
| CVE-2022-2068 | In addition to the c_rehash shell command injection identified in CVE- ... |
| CVE-2022-1473 | The OPENSSL_LH_flush() function, which empties a hash table, contains ... |
| CVE-2022-1434 | The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly ... |
| CVE-2022-1343 | The function `OCSP_basic_verify` verifies the signer certificate on an ... |
| CVE-2022-1292 | The c_rehash script does not properly sanitise shell metacharacters to ... |
| CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, cont ... |
| CVE-2021-23841 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts ... |
| CVE-2021-23840 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ... |
| CVE-2021-23839 | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ... |
| CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client si ... |
| CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ... |
| CVE-2021-3711 | In order to decrypt SM2 encrypted data an application is expected to c ... |
| CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of ... |
| CVE-2021-3449 | An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ... |
| CVE-2020-1971 | The X.509 GeneralName type is a generic type for representing differen ... |
| CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification which can ... |
| CVE-2020-1967 | Server or client applications that call the SSL_check_chain() function ... |
| CVE-2019-1563 | In situations where an attacker receives automated notification of the ... |
| CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL ... |
| CVE-2019-1552 | OpenSSL has internal defaults for a directory tree where it can find a ... |
| CVE-2019-1551 | There is an overflow bug in the x64_64 Montgomery squaring procedure u ... |
| CVE-2019-1549 | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ... |
| CVE-2019-1547 | Normally in OpenSSL EC groups always have a co-factor present and this ... |
| CVE-2019-1543 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ... |
| CVE-2018-5407 | Simultaneous Multi-threading (SMT) in processors can enable local user ... |
| CVE-2018-0739 | Constructed ASN.1 types with a recursive definition (such as can be fo ... |
| CVE-2018-0737 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ... |
| CVE-2018-0735 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ... |
| CVE-2018-0734 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to ... |
| CVE-2018-0733 | Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ... |
| CVE-2018-0732 | During key agreement in a TLS handshake using a DH(E) based ciphersuit ... |
| CVE-2017-3738 | There is an overflow bug in the AVX2 Montgomery multiplication procedu ... |
| CVE-2017-3737 | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error stat ... |
| CVE-2017-3736 | There is a carry propagating bug in the x86_64 Montgomery squaring pro ... |
| CVE-2017-3735 | While parsing an IPAddressFamily extension in an X.509 certificate, it ... |
| CVE-2017-3733 | During a renegotiation handshake if the Encrypt-Then-Mac extension is ... |
| CVE-2017-3732 | There is a carry propagating bug in the x86_64 Montgomery squaring pro ... |
| CVE-2017-3731 | If an SSL/TLS server or client is running on a 32-bit host, and a spec ... |
| CVE-2017-3730 | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad par ... |
| CVE-2016-7056 | A timing attack flaw was found in OpenSSL 1.0.1u and before that could ... |
| CVE-2016-7055 | There is a carry propagating bug in the Broadwell-specific Montgomery ... |
| CVE-2016-7054 | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1 ... |
| CVE-2016-7053 | In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS struc ... |