Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

OpenSSL — Vulnerabilities & Security Advisories 117

Browse all 117 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSSL is an open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, primarily used to encrypt network traffic for web servers, email systems, and other internet services. Its widespread adoption makes it a critical infrastructure component, yet its complexity has historically led to numerous vulnerabilities. Common flaw classes include buffer overflows, memory corruption issues, and logic errors that can facilitate remote code execution or denial of service attacks. Notable incidents, such as the Heartbleed bug, exposed sensitive memory data, highlighting risks associated with complex cryptographic implementations. With approximately 99 recorded CVEs, the project emphasizes rigorous code auditing and timely patching to mitigate these risks. Developers must maintain strict version control and apply updates promptly to ensure secure communications, as unpatched instances remain vulnerable to exploitation by malicious actors seeking to intercept or manipulate data in transit.

Top products by OpenSSL: OpenSSL OpenSSL extension of Ruby (Git trunk)
CVE IDTitleCVSSSeverityPublished
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function — OpenSSLCWE-416--2026-06-09
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes — OpenSSLCWE-325--2026-06-09
CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email() — OpenSSLCWE-125--2026-06-09
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path — OpenSSLCWE-325--2026-06-09
CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q — OpenSSLCWE-325--2026-06-09
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate — OpenSSLCWE-295--2026-06-09
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() — OpenSSLCWE-514--2026-06-09
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption — OpenSSLCWE-476--2026-06-09
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption — OpenSSLCWE-476--2026-06-09
CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking — OpenSSLCWE-476--2026-06-09
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling — OpenSSLCWE-476--2026-06-09
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler — OpenSSLCWE-1325--2026-06-09
CVE-2026-35188 Double-free When Checking OCSP Stapled Response — OpenSSLCWE-415--2026-06-09
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages — OpenSSLCWE-354--2026-06-09
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys — OpenSSLCWE-354--2026-06-09
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing — OpenSSLCWE-125--2026-06-09
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption — OpenSSLCWE-125--2026-06-09
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion — OpenSSLCWE-787--2026-06-09
CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation — OpenSSLCWE-754 7.5AIHighAI2026-04-07
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion — OpenSSLCWE-787 9.8AICriticalAI2026-04-07
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo — OpenSSLCWE-476 7.5AIHighAI2026-04-07
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo — OpenSSLCWE-476 7.5AIHighAI2026-04-07
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL — OpenSSLCWE-476 7.5AIHighAI2026-04-07
CVE-2026-28387 Potential Use-after-free in DANE Client Code — OpenSSLCWE-416 9.8AICriticalAI2026-04-07
CVE-2026-28386 Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support — OpenSSLCWE-125 7.5AIHighAI2026-04-07
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group — OpenSSLCWE-757 5.3 -2026-03-13
CVE-2026-22796 ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function — OpenSSLCWE-754 7.5AIHighAI2026-01-27
CVE-2026-22795 Missing ASN1_TYPE validation in PKCS#12 parsing — OpenSSLCWE-754 7.5AIHighAI2026-01-27
CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function — OpenSSLCWE-754 6.2AIMediumAI2026-01-27
CVE-2025-69421 NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function — OpenSSLCWE-476 6.5AIMediumAI2026-01-27

This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.