OpenSSL — Vulnerabilities & Security Advisories 99

Browse all 99 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-4603 | Excessive time spent checking DSA keys and parameters — OpenSSL | CWE-606 | 7.5 (AI) | High (AI) | 2024-05-16 |
| CVE-2023-6237 | Excessive time spent checking invalid RSA public keys — OpenSSL | CWE-606 | 7.5 | - | 2024-04-25 |
| CVE-2024-2511 | Unbounded memory growth with session handling in TLSv1.3 — OpenSSL | CWE-1325 | 7.5 (AI) | High (AI) | 2024-04-08 |
| CVE-2024-0727 | PKCS12 Decoding crashes — OpenSSL | CWE-476 | 6.5 | - | 2024-01-26 |
| CVE-2023-6129 | POLY1305 MAC implementation corrupts vector registers on PowerPC — OpenSSL | CWE-440 | 9.8 (AI) | Critical (AI) | 2024-01-09 |
| CVE-2023-5678 | Excessive time spent in DH check / generation with large Q parameter value — OpenSSL | CWE-606 | 5.3 | - | 2023-11-06 |
| CVE-2023-5363 | Incorrect cipher key & IV length processing — OpenSSL | CWE-684 | 5.3 | - | 2023-10-24 |
| CVE-2023-4807 | POLY1305 MAC implementation corrupts XMM registers on Windows — OpenSSL | CWE-440 | 9.8 | - | 2023-09-08 |
| CVE-2023-3817 | Excessive time spent checking DH q parameter value — OpenSSL | CWE-606 | 7.5 | - | 2023-07-31 |
| CVE-2023-3446 | Excessive time spent checking DH keys and parameters — OpenSSL | CWE-606 | 7.5 | - | 2023-07-19 |
| CVE-2023-2975 | AES-SIV implementation ignores empty associated data entries — OpenSSL | CWE-354 | 7.5 | - | 2023-07-14 |
| CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers — OpenSSL | | 7.5 | - | 2023-05-30 |
| CVE-2023-1255 | Input buffer over-read in AES-XTS implementation on 64 bit ARM — OpenSSL | | 7.5 | - | 2023-04-20 |
| CVE-2023-0466 | Certificate policy check not enabled — OpenSSL | | 5.3 | - | 2023-03-28 |
| CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored — OpenSSL | | 6.5 | - | 2023-03-28 |
| CVE-2023-0464 | Excessive Resource Usage Verifying X.509 Policy Constraints — OpenSSL | | 7.5 | - | 2023-03-22 |
| CVE-2022-4203 | X.509 Name Constraints Read Buffer Overflow — OpenSSL | | 4.9 | - | 2023-02-24 |
| CVE-2022-4304 | Timing Oracle in RSA Decryption — OpenSSL | | 5.9 | - | 2023-02-08 |
| CVE-2022-4450 | Double free after calling PEM_read_bio_ex — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0215 | Use-after-free following BIO_new_NDEF — OpenSSL | | 9.1 | - | 2023-02-08 |
| CVE-2023-0216 | Invalid pointer dereference in d2i_PKCS7 functions — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0217 | NULL dereference validating DSA public key — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName — OpenSSL | | 9.1 | - | 2023-02-08 |
| CVE-2023-0401 | NULL dereference during PKCS7 data verification — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2022-3996 | X.509 Policy Constraints Double Locking — OpenSSL | CWE-667 | 7.5 | - | 2022-12-13 |
| CVE-2022-3786 | X.509 Email Address Variable Length Buffer Overflow — OpenSSL | | 7.5 | - | 2022-11-01 |
| CVE-2022-3602 | X.509 Email Address 4-byte Buffer Overflow — OpenSSL | | 9.1 | - | 2022-11-01 |
| CVE-2022-3358 | Using a Custom Cipher with NID_undef may lead to NULL encryption — OpenSSL | | 7.5 | - | 2022-10-11 |
| CVE-2022-2097 | AES OCB fails to encrypt some bytes — OpenSSL | | 5.3 | - | 2022-07-05 |
| CVE-2022-2274 | RSA implementation bug in AVX512IFMA instructions — OpenSSL | | 9.8 | - | 2022-07-01 |

This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.