VYPR

OpenSSL

by OpenSSL Project

TLS/SSL and cryptography toolkit.

libraryLicense: Apache-2.0WebsiteDocsChangelog

Source repositories

CVEs (378)

  • CVE-2015-3193HigDec 6, 2015
    risk 0.51cvss 7.5epss 0.25

    The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain…

  • CVE-2026-45447HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.02

    Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a…

  • CVE-2025-15467HigJan 27, 2026
    risk 0.50cvss 8.8epss 0.46

    Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. …

  • CVE-2017-3733HigMay 4, 2017
    risk 0.50cvss 7.5epss 0.13

    During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

  • CVE-2016-7053HigMay 4, 2017
    risk 0.50cvss 7.5epss 0.22

    In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an…

  • CVE-2016-6305HigSep 26, 2016
    risk 0.50cvss 7.5epss 0.16

    The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

  • CVE-2015-1793MedJul 9, 2015
    risk 0.50cvss 6.5epss 0.62

    The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification…

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-35385HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

  • CVE-2025-69421HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. …

  • CVE-2025-69420HigJan 27, 2026
    risk 0.49cvss 7.5epss 0.01

    Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. …

  • CVE-2025-26465MedFeb 18, 2025
    risk 0.49cvss 6.8epss 0.07

    A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when…

  • CVE-2024-39894HigJul 2, 2024
    risk 0.49cvss 7.5epss 0.02

    OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

  • CVE-2023-5363HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.03

    Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness,…

  • CVE-2022-3786HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.91

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue…

  • CVE-2022-3602HigNov 1, 2022
    risk 0.49cvss 7.5epss 0.90

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to…

  • CVE-2000-1254HigMay 5, 2016
    risk 0.49cvss 7.5epss 0.03

    crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

  • CVE-2011-0539HigFeb 10, 2011
    risk 0.49cvss 7.5epss 0.02

    The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it…

  • CVE-2006-5051HigSep 27, 2006
    risk 0.49cvss 8.1epss 0.45

    Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

  • CVE-2005-2946HigSep 16, 2005
    risk 0.49cvss 7.5epss 0.01

    The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

Page 3 of 19