VYPR

OpenSSL

by OpenSSL Project

TLS/SSL and cryptography toolkit.

libraryLicense: Apache-2.0WebsiteDocsChangelog

Source repositories

CVEs (378)

  • CVE-2020-1968LowSep 9, 2020
    risk 0.24cvss 3.7epss 0.05

    The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop…

  • CVE-2026-35386LowApr 2, 2026
    risk 0.23cvss 3.6epss 0.00

    In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

  • CVE-2025-61985LowOct 6, 2025
    risk 0.23cvss 3.6epss 0.00

    ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

  • CVE-2025-61984LowOct 6, 2025
    risk 0.23cvss 3.6epss 0.00

    ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration…

  • CVE-2024-9143MedOct 16, 2024
    risk 0.21cvss 4.3epss 0.06

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a…

  • CVE-2026-35387LowApr 2, 2026
    risk 0.20cvss 3.1epss 0.00

    OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

  • CVE-2024-13176MedJan 20, 2025
    risk 0.20cvss 4.1epss 0.01

    Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However,…

  • CVE-2026-42770LowJun 9, 2026
    risk 0.17cvss 3.7epss 0.00

    Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small…

  • CVE-2026-42768LowJun 9, 2026
    risk 0.17cvss 3.7epss 0.00

    Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an…

  • CVE-2025-3416LowApr 8, 2025
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

  • CVE-2026-35388LowApr 2, 2026
    risk 0.16cvss 2.5epss 0.00

    OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

  • CVE-2014-0195Jun 5, 2014
    risk 0.11cvss epss 1.00

    The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2002-0656Aug 12, 2002
    risk 0.10cvss epss 0.90

    Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

  • CVE-2009-1386Jun 4, 2009
    risk 0.09cvss epss 0.80

    ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

  • CVE-2023-2650May 30, 2023
    risk 0.07cvss epss 0.73

    Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size…

  • CVE-2023-0286Feb 8, 2023
    risk 0.07cvss epss 0.59

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This…

  • CVE-2014-3470Jun 5, 2014
    risk 0.07cvss epss 0.86

    The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by…

  • CVE-2014-0221Jun 5, 2014
    risk 0.07cvss epss 0.88

    The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

  • CVE-2012-2110Apr 19, 2012
    risk 0.07cvss epss 0.48

    The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory…

  • CVE-2006-5229Oct 10, 2006
    risk 0.07cvss epss 0.54

    OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as…

Page 8 of 19