VYPR

apk package

chainguard/openssl-provider-fips-3.4.0

pkg:apk/chainguard/openssl-provider-fips-3.4.0

Vulnerabilities (22)

  • CVE-2024-12797MedFeb 11, 2025
    affected < 0fixed 0

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u

  • CVE-2024-13176MedJan 20, 2025
    affected < 3.4.0-r4fixed 3.4.0-r4

    Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measurin

Page 2 of 2