rpm package
opensuse/openssl-3&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweed
Vulnerabilities (68)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2274 | — | < 3.0.5-1.1 | 3.0.5-1.1 | Jul 1, 2022 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computat | ||
| CVE-2022-1473 | — | < 3.0.5-1.1 | 3.0.5-1.1 | May 3, 2022 | The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its | ||
| CVE-2022-1434 | — | < 3.0.5-1.1 | 3.0.5-1.1 | May 3, 2022 | The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an Op | ||
| CVE-2022-1343 | — | < 3.0.5-1.1 | 3.0.5-1.1 | May 3, 2022 | The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fail | ||
| CVE-2022-1292 | — | < 3.0.5-1.1 | 3.0.5-1.1 | May 3, 2022 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the | ||
| CVE-2022-0778 | Hig | 7.5 | < 3.0.2-1.1 | 3.0.2-1.1 | Mar 15, 2022 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv | |
| CVE-2021-4044 | — | < 3.0.1-1.1 | 3.0.1-1.1 | Dec 14, 2021 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL | ||
| CVE-2020-1971 | — | < 3.0.1-1.1 | 3.0.1-1.1 | Dec 8, 2020 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi |
- CVE-2022-2274Jul 1, 2022affected < 3.0.5-1.1fixed 3.0.5-1.1
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computat
- CVE-2022-1473May 3, 2022affected < 3.0.5-1.1fixed 3.0.5-1.1
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its
- CVE-2022-1434May 3, 2022affected < 3.0.5-1.1fixed 3.0.5-1.1
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an Op
- CVE-2022-1343May 3, 2022affected < 3.0.5-1.1fixed 3.0.5-1.1
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fail
- CVE-2022-1292May 3, 2022affected < 3.0.5-1.1fixed 3.0.5-1.1
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the
- affected < 3.0.2-1.1fixed 3.0.2-1.1
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv
- CVE-2021-4044Dec 14, 2021affected < 3.0.1-1.1fixed 3.0.1-1.1
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL
- CVE-2020-1971Dec 8, 2020affected < 3.0.1-1.1fixed 3.0.1-1.1
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi
Page 4 of 4