VYPR

OpenSSL

by OpenSSL Project

TLS/SSL and cryptography toolkit.

libraryLicense: Apache-2.0WebsiteDocsChangelog

Source repositories

CVEs (378)

  • CVE-2022-1473May 3, 2022
    risk 0.00cvss epss 0.02

    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys…

  • CVE-2022-1434May 3, 2022
    risk 0.00cvss epss 0.01

    The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an…

  • CVE-2022-1343May 3, 2022
    risk 0.00cvss epss 0.01

    The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate…

  • CVE-2021-4160Jan 28, 2022
    risk 0.00cvss epss 0.04

    There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing…

  • CVE-2021-3711Aug 24, 2021
    risk 0.00cvss epss 0.88

    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with…

  • CVE-2021-3450Mar 25, 2021
    risk 0.00cvss epss 0.18

    The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve…

  • CVE-2021-28041Mar 5, 2021
    risk 0.00cvss epss 0.03

    ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

  • CVE-2021-23841Feb 16, 2021
    risk 0.00cvss epss 0.07

    The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field…

  • CVE-2021-23839Feb 16, 2021
    risk 0.00cvss epss 0.03

    OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS…

  • CVE-2020-14145Jun 29, 2020
    risk 0.00cvss epss 0.02

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).…

  • CVE-2020-12062Jun 1, 2020
    risk 0.00cvss epss 0.02

    The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory…

  • CVE-2019-1551Dec 6, 2019
    risk 0.00cvss epss 0.14

    There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult…

  • CVE-2019-16905Oct 9, 2019
    risk 0.00cvss epss 0.02

    OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the…

  • CVE-2019-1563Sep 10, 2019
    risk 0.00cvss epss 0.04

    In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message…

  • CVE-2019-1549Sep 10, 2019
    risk 0.00cvss epss 0.06

    OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in…

  • CVE-2019-1547Sep 10, 2019
    risk 0.00cvss epss 0.01

    Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a…

  • CVE-2019-1552Jul 30, 2019
    risk 0.00cvss epss 0.01

    OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options.…

  • CVE-2019-1543Mar 6, 2019
    risk 0.00cvss epss 0.06

    ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12…

  • CVE-2019-1559Feb 27, 2019
    risk 0.00cvss epss 0.17

    If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0…

  • CVE-2018-20685Jan 10, 2019
    risk 0.00cvss epss 0.04

    In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Page 15 of 19