CRITICAL9.8CVE-2026-45447Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. from 0, < 3.5.7-r0
CRITICAL9.8CVE-2026-31789Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platfor… from 0, < 3.3.7-r0
CRITICAL9.8CVE-2022-3602X.509 Email Address 4-byte Buffer Overflow from 0, < 3.0.7-r0
CRITICAL9.8Heap memory corruption with RSA private key operation
from 0, < 0
CRITICAL9.8openssl - security update
from 0, < 1.1.1l-r0
CRITICAL9.8Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of…
from 0, < 1.0.2h-r3
CRITICAL9.8The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote att…
from 0, < 1.0.2h-r3
CRITICAL9.8openssl - security update
from 0, < 1.0.2h-r1
CRITICAL9.1Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fi…
from 0, < 3.5.7-r0
CRITICAL9.1Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or…
from 0, < 3.0.14-r0
CRITICAL9.1X.509 Name Constraints Read Buffer Overflow
from 0, < 3.0.8-r0
HIGH8.8openssl - security update
from 0, < 3.0.19-r0
HIGH8.2The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain…
from 0, < 1.0.2h-r0
HIGH8.1Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…
from 0, < 3.5.7-r0
HIGH8.1Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE…
from 0, < 3.3.7-r0
HIGH7.8Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applic…
from 0, < 0
HIGH7.5Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied i…
from 0, < 3.5.7-r0
HIGH7.5Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…
from 0, < 3.5.7-r0
HIGH7.5Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen str…
from 0, < 3.5.7-r0
HIGH7.5Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…
from 0, < 3.5.7-r0
HIGH7.5Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frame…
from 0, < 3.5.7-r0
HIGH7.5Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memor…
from 0, < 3.3.7-r0
HIGH7.5Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happe…
from 0, < 3.3.7-r0
HIGH7.5Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
from 0, < 3.3.7-r0
HIGH7.5Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the r…
from 0, < 3.3.7-r0
HIGH7.5Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.
from 0, < 3.0.19-r0
HIGH7.5Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accesse…
from 0, < 3.0.19-r0
HIGH7.5openssl - security update
from 0, < 3.0.19-r0
HIGH7.5Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situatio…
from 0, < 3.0.14-r0
HIGH7.5openssl - security update
from 0, < 3.0.15-r0
HIGH7.5openssl - security update
from 0, < 3.0.12-r0
HIGH7.5openssl - security update
from 0, < 1.1.1t-r1
HIGH7.5Use-after-free following `BIO_new_NDEF`
from 0, < 1.1.1t-r0
HIGH7.5Invalid pointer dereference in `d2i_PKCS7` functions
from 0, < 3.0.8-r0
HIGH7.5Double free after calling `PEM_read_bio_ex`
from 0, < 1.1.1t-r0
HIGH7.5`NULL` dereference validating DSA public key
from 0, < 3.0.8-r0
HIGH7.5`NULL` dereference during PKCS7 data verification
from 0, < 3.0.8-r0
HIGH7.5Denial of service by double-checked locking in openssl-src
from 0, < 3.0.7-r2
HIGH7.5X.509 Email Address Variable Length Buffer Overflow
from 0, < 3.0.7-r0
HIGH7.5Using a Custom Cipher with `NID_undef` may lead to NULL encryption
from 0, < 3.0.6-r0
HIGH7.5openssl - security update
from 0, < 1.1.1q-r0
HIGH7.5Resource leakage when decoding certificates and keys
from 0, < 3.0.3-r0
HIGH7.5openssl1.0 - security update
from 0, < 1.1.1n-r0
HIGH7.5Invalid handling of `X509_verify_cert()` internal errors in libssl
from 0, < 3.0.1-r0
HIGH7.5openssl1.0 - security update
from 0, < 1.1.1j-r0
HIGH7.5openssl - security update
from 0, < 1.1.1g-r0
HIGH7.5openssl1.0 - security update
from 0, < 1.0.2o-r1
HIGH7.5If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that ser…
from 0, < 1.0.2k-r0
HIGH7.5crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application cra…
from 0, < 1.0.2j-r0
HIGH7.5Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a…
from 0, < 1.0.2i-r0
HIGH7.5The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket len…
from 0, < 1.0.2h-r3
HIGH7.5The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a…
from 0, < 1.0.2h-r4
HIGH7.5The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-orde…
from 0, < 1.0.2h-r3
HIGH7.5The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of app…
from 0, < 1.0.2i-r0
HIGH7.5The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in Open…
from 0, < 1.0.2h-r2
HIGH7.5The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h a…
from 0, < 1.0.2h-r0
HIGH7.5Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote a…
from 0, < 1.0.2h-r0
HIGH7.5openssl - security update
from 0, < 1.0.2h-r0
HIGH7.4Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentic…
from 0, < 3.5.7-r0
HIGH7.4Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name c…
from 0, < 3.0.19-r0
HIGH7.4X.400 address type confusion in X.509 `GeneralName`
from 0, < 1.1.1t-r0
HIGH7.4openssl1.0 - security update
from 0, < 1.1.1l-r0
HIGH7.4CA certificate check bypass with X509_V_FLAG_X509_STRICT
from 0, < 1.1.1k-r0
HIGH7.4openssl - security update
from 0, < 1.1.1b-r1
HIGH7.3openssl - security update
from 0, < 0
HIGH7.3openssl - security update
from 0, < 0
MEDIUM6.5Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group config…
from 0, < 3.5.6-r0
MEDIUM6.5Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implement…
from 0, < 0
MEDIUM6.5Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.
from 0, < 3.5.1-r0
MEDIUM6.5Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applic…
from 0, < 3.0.12-r2
MEDIUM6.5Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.
from 0, < 1.1.1u-r0
MEDIUM6.5openssl1.0 - security update
from 0, < 1.0.2o-r0
MEDIUM6.5There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g.
from 0, < 1.0.2m-r0
MEDIUM6.3Vulnerable OpenSSL included in cryptography wheels
from 0, < 3.3.3-r0
MEDIUM6.1Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer o…
from 0, < 3.5.5-r0
MEDIUM5.9Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.
from 0, < 3.5.7-r0
MEDIUM5.9Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…
from 0, < 3.5.7-r0
MEDIUM5.9Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without che…
from 0, < 3.3.6-r0
MEDIUM5.9Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite…
from 0, < 3.3.6-r0
MEDIUM5.9Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment v…
from 0, < 3.0.19-r0
MEDIUM5.9Issue summary: Checking excessively long invalid RSA public keys may take a long time.
from 0, < 3.0.12-r3
MEDIUM5.9Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary…
from 0, < 3.0.12-r5
MEDIUM5.9Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the inp…
from 0, < 3.0.8-r4
MEDIUM5.9Timing Oracle in RSA Decryption
from 0, < 1.1.1t-r0
MEDIUM5.9Incorrect MAC key used in the RC4-MD5 ciphersuite
from 0, < 3.0.3-r0
MEDIUM5.9openssl - security update
from 0, < 1.1.1k-r0
MEDIUM5.9Null pointer deref in `X509_issuer_and_serial_hash()`
from 0, < 1.1.1j-r0
MEDIUM5.9openssl - security update
from 0, < 1.1.1i-r0
MEDIUM5.9openssl1.0 - security update
from 0, < 1.0.2r-r0
MEDIUM5.9The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
from 0, < 1.1.1a-r0
MEDIUM5.9openssl - security update
from 0, < 1.1.1a-r0
MEDIUM5.9The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.
from 0, < 1.0.2o-r1
MEDIUM5.9Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of e…
from 0, < 1.0.2o-r0
MEDIUM5.9There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.
from 0, < 1.0.2n-r0
MEDIUM5.9openssl1.0 - security update
from 0, < 1.0.2n-r0
MEDIUM5.9There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c tha…
from 0, < 1.0.2k-r0
MEDIUM5.9There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d.
from 0, < 1.0.2k-r0
MEDIUM5.9The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-b…
from 0, < 1.0.2i-r0
MEDIUM5.9The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding che…
from 0, < 1.0.2h-r0
MEDIUM5.5Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.
from 0, < 3.0.19-r0