VYPR

OpenSSL

by OpenSSL Project

TLS/SSL and cryptography toolkit.

libraryLicense: Apache-2.0WebsiteDocsChangelog

Source repositories

CVEs (378)

  • CVE-2016-6308MedSep 26, 2016
    risk 0.39cvss 5.9epss 0.14

    statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

  • CVE-2016-6307MedSep 26, 2016
    risk 0.39cvss 5.9epss 0.14

    The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and…

  • CVE-2016-0704MedMar 2, 2016
    risk 0.39cvss 5.9epss 0.07

    An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites,…

  • CVE-2016-0703MedMar 2, 2016
    risk 0.39cvss 5.9epss 0.05

    The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows…

  • CVE-2015-3197MedFeb 15, 2016
    risk 0.39cvss 5.9epss 0.11

    ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the…

  • CVE-2015-6564HigAug 24, 2015
    risk 0.39cvss 7.0epss 0.01

    Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

  • CVE-2020-1971MedDec 8, 2020
    risk 0.38cvss 5.9epss 0.07

    The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This…

  • CVE-2015-3195MedDec 6, 2015
    risk 0.38cvss 5.3epss 0.39

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information…

  • CVE-2026-22795MedJan 27, 2026
    risk 0.36cvss 5.5epss 0.00

    Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a…

  • CVE-2023-51384MedDec 18, 2023
    risk 0.36cvss 5.5epss 0.00

    In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns…

  • CVE-2016-7056MedSep 10, 2018
    risk 0.36cvss 5.5epss 0.01

    A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

  • CVE-2017-3735MedAug 28, 2017
    risk 0.36cvss 5.3epss 0.18

    While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and…

  • CVE-2016-2178MedJun 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

  • CVE-2026-2673MedMar 13, 2026
    risk 0.35cvss 6.5epss 0.00

    Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more…

  • CVE-2025-9231MedSep 30, 2025
    risk 0.35cvss 6.5epss 0.02

    Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow…

  • CVE-2018-15919MedAug 28, 2018
    risk 0.35cvss 5.3epss 0.04

    Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username…

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2026-22796MedJan 27, 2026
    risk 0.34cvss 5.3epss 0.01

    Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact…

  • CVE-2025-27587MedJun 16, 2025
    risk 0.34cvss 5.3epss 0.00

    OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based…

  • CVE-2024-12797MedFeb 11, 2025
    risk 0.34cvss 6.3epss 0.02

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections…

Page 6 of 19