OpenSSL

TLS/SSL and cryptography toolkit.

libraryLicense: Apache-2.0Website Docs Changelog

Source repositories

https://github.com/openssl/openssl

CVEs (378)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2014-0160	OpenSSL Project OpenSSL	Hig	0.72	7.5	1.00	KEV	Apr 7, 2014	The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…
CVE-2003-0545	OpenSSL Project OpenSSL	Cri	0.71	9.8	0.85		Nov 17, 2003	Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2016-6309	OpenSSL Project OpenSSL	Cri	0.69	9.8	0.70		Sep 26, 2016	statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
CVE-2016-2842	OpenSSL Project OpenSSL	Cri	0.68	9.8	0.54		Mar 3, 2016	The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly…
CVE-2002-0083	Mandrakesoft Mandrake Linux	Cri	0.68	9.8	0.15		Mar 15, 2002	Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2016-2182	OpenSSL Project OpenSSL	Cri	0.67	9.8	0.44		Sep 16, 2016	The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown…
CVE-2016-2177	OpenSSL Project OpenSSL	Cri	0.67	9.8	0.45		Jun 20, 2016	OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc…
CVE-2009-3555	Apache HTTP Server	Cri	0.67	9.8	0.87		Nov 9, 2009	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…
CVE-2016-6303	OpenSSL Project OpenSSL	Cri	0.66	9.8	0.32		Sep 16, 2016	Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-0799	OpenSSL Project OpenSSL	Cri	0.66	9.8	0.32		Mar 3, 2016	The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a…
CVE-2016-0705	OpenSSL Project OpenSSL	Cri	0.66	9.8	0.26		Mar 3, 2016	Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA…
CVE-2002-0639	OpenSSL Project OpenSSL	Cri	0.65	9.8	0.18		Jul 3, 2002	Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
CVE-2024-6387	Apache Sshd	Hig	0.64	8.1	1.00		Jul 1, 2024	A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…
CVE-2023-28531	OpenSSL Project OpenSSL	Cri	0.64	9.8	0.02		Mar 17, 2023	ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2016-2108	OpenSSL Project OpenSSL	Cri	0.63	9.8	0.78		May 5, 2016	The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVE-2014-0224	OpenSSL Project OpenSSL	Hig	0.59	7.4	0.95		Jun 5, 2014	OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and…
CVE-2026-31789	OpenSSL Project OpenSSL	Cri	0.57	9.8	0.00		Apr 7, 2026	Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined…
CVE-2008-0166	OpenSSL Project OpenSSL	Hig	0.57	7.5	0.71		May 13, 2008	OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
CVE-2017-3730	OpenSSL Project OpenSSL	Hig	0.56	7.5	0.55		May 4, 2017	In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
CVE-2016-2183	OpenSSL Project OpenSSL	Hig	0.56	7.5	0.96		Sep 1, 2016	The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a…

CVE-2014-0160HigKEVApr 7, 2014
OpenSSL Project
OpenSSL
risk 0.72cvss 7.5epss 1.00
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…
CVE-2003-0545CriNov 17, 2003
OpenSSL Project
OpenSSL
risk 0.71cvss 9.8epss 0.85
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2016-6309CriSep 26, 2016
OpenSSL Project
OpenSSL
risk 0.69cvss 9.8epss 0.70
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
CVE-2016-2842CriMar 3, 2016
OpenSSL Project
OpenSSL
risk 0.68cvss 9.8epss 0.54
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly…
CVE-2002-0083CriMar 15, 2002
Mandrakesoft
Mandrake Linux
risk 0.68cvss 9.8epss 0.15
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2016-2182CriSep 16, 2016
OpenSSL Project
OpenSSL
risk 0.67cvss 9.8epss 0.44
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown…
CVE-2016-2177CriJun 20, 2016
OpenSSL Project
OpenSSL
risk 0.67cvss 9.8epss 0.45
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc…
CVE-2009-3555CriNov 9, 2009
Apache
HTTP Server
risk 0.67cvss 9.8epss 0.87
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…
CVE-2016-6303CriSep 16, 2016
OpenSSL Project
OpenSSL
risk 0.66cvss 9.8epss 0.32
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-0799CriMar 3, 2016
OpenSSL Project
OpenSSL
risk 0.66cvss 9.8epss 0.32
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a…
CVE-2016-0705CriMar 3, 2016
OpenSSL Project
OpenSSL
risk 0.66cvss 9.8epss 0.26
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA…
CVE-2002-0639CriJul 3, 2002
OpenSSL Project
OpenSSL
risk 0.65cvss 9.8epss 0.18
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
CVE-2024-6387HigJul 1, 2024
Apache
Sshd
risk 0.64cvss 8.1epss 1.00
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…
CVE-2023-28531CriMar 17, 2023
OpenSSL Project
OpenSSL
risk 0.64cvss 9.8epss 0.02
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2016-2108CriMay 5, 2016
OpenSSL Project
OpenSSL
risk 0.63cvss 9.8epss 0.78
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVE-2014-0224HigJun 5, 2014
OpenSSL Project
OpenSSL
risk 0.59cvss 7.4epss 0.95
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and…
CVE-2026-31789CriApr 7, 2026
OpenSSL Project
OpenSSL
risk 0.57cvss 9.8epss 0.00
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined…
CVE-2008-0166HigMay 13, 2008
OpenSSL Project
OpenSSL
risk 0.57cvss 7.5epss 0.71
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
CVE-2017-3730HigMay 4, 2017
OpenSSL Project
OpenSSL
risk 0.56cvss 7.5epss 0.55
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
CVE-2016-2183HigSep 1, 2016
OpenSSL Project
OpenSSL
risk 0.56cvss 7.5epss 0.96
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a…

Page 1 of 19