rpm package
almalinux/compat-openssl10
pkg:rpm/almalinux/compat-openssl10
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28390 | Hig | 7.5 | < 1:1.0.2o-4.el8_10.2 | 1:1.0.2o-4.el8_10.2 | Apr 7, 2026 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur | |
| CVE-2023-0286 | Hig | 7.4 | < 1:1.0.2o-4.el8_10.1 | 1:1.0.2o-4.el8_10.1 | Feb 8, 2023 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This | |
| CVE-2022-0778 | Hig | 7.5 | < 1:1.0.2o-4.el8_6 | 1:1.0.2o-4.el8_6 | Mar 15, 2022 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv |
- affected < 1:1.0.2o-4.el8_10.2fixed 1:1.0.2o-4.el8_10.2
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur
- affected < 1:1.0.2o-4.el8_10.1fixed 1:1.0.2o-4.el8_10.1
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This
- affected < 1:1.0.2o-4.el8_6fixed 1:1.0.2o-4.el8_6
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv