OpenSSL Security Advisory [3rd September 2024]
==
Possible denial of service in X.509 name checks (CVE-2024-6119)
===
Severity: Moderate
Issue summary: Applications performing certificate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [27th June 2024]
==
SSL_select_next_proto buffer overread (CVE-2024-5535)
=
Severity: Low
Issue summary: Calling the OpenSSL API
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28th May 2024]
=
Use After Free with SSL_free_buffers (CVE-2024-4741)
Severity: Low
Issue summary: Calling the OpenSSL API
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16th May 2024]
=
Excessive time spent checking DSA keys and parameters (CVE-2024-4603)
=
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [8th April 2024]
==
Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
Severity: Low
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [25th January 2024]
=
PKCS12 Decoding crashes (CVE-2024-0727)
===
Severity: Low
Issue summary: Processing a maliciously formatted PKCS12
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [15th January 2024]
=
Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
=
Severity: Low
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [9th January 2024]
POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [6th November 2023]
=
Excessive time spent in DH check / generation with large Q parameter value
(CVE-2023-5678
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [24th October 2023]
=
Incorrect cipher key & IV length processing (CVE-2023-5363)
===
Severity: Moderate
Issue sum
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [8th September 2023]
==
POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [31st July 2023]
==
Excessive time spent checking DH q parameter value (CVE-2023-3817)
==
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [19th July 2023]
==
Excessive time spent checking DH keys and parameters (CVE-2023-3446)
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [14th July 2023]
==
AES-SIV implementation ignores empty associated data entries (CVE-2023-2975
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [30th May 2023]
=
Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
=
Severity: Moderate
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [20th April 2023]
===
Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28th March 2023]
===
Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
===
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [7th February 2023]
=
X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
=
Severity: High
There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [01 November 2022]
X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602)
==
Severity: High
A buffer overrun can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [11 October 2022]
===
Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [5 July 2022]
===
Heap memory corruption with RSA private key operation (CVE-2022-2274)
=
Severity: High
The OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 June 2022]
The c_rehash script allows command injection (CVE-2022-2068)
Severity: Moderate
In addition to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [03 May 2022]
===
The c_rehash script allows command injection (CVE-2022-1292)
Severity: Moderate
The c_rehash script
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [15 March 2022]
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28 January 2022]
===
BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
Severity: Moderate
There is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [14 December 2021]
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [24 August 2021]
==
SM2 Decryption Buffer Overflow (CVE-2021-3711)
==
Severity: High
In order to decrypt SM2 encrypted data an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [25 March 2021]
=
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
Severity: High
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 February 2021]
Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
Severity: Moderate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [08 December 2020]
EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
==
Severity: High
The X.509 GeneralName type is a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [09 September 2020]
=
Raccoon Attack (CVE-2020-1968)
==
Severity: Low
The Raccoon attack exploits a flaw in the TLS specification which can lead to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 April 2020]
=
Segmentation fault in SSL_check_chain (CVE-2020-1967)
=
Severity: High
Server or client applications that call
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [6 December 2019]
===
rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)
===
Severity: Low
There is an overflow bug in the x64_64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [10 September 2019]
=
ECDSA remote timing attack (CVE-2019-1547)
==
Severity: Low
Normally in OpenSSL EC groups always have a co-factor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [30 July 2019]
Windows builds with insecure path defaults (CVE-2019-1552)
==
Severity: Low
OpenSSL has internal defaults
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [6 March 2019]
ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
==
Severity: Low
ChaCha20-Poly1305 is an AEAD cipher, and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [26 February 2019]
0-byte record padding oracle (CVE-2019-1559)
Severity: Moderate
If an application encounters a fatal protocol
OpenSSL Security Advisory [12 November 2018]
Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
===
Severity: Low
OpenSSL ECC scalar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [12 June 2018]
Client DoS due to large DH parameter (CVE-2018-0732)
Severity: Low
During key agreement in a TLS handshake
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 Apr 2018]
Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Severity: Low
The OpenSSL RSA Key
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [27 Mar 2018]
Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Dec 2017]
Read/write after SSL object in error state (CVE-2017-3737)
==
Severity: Moderate
OpenSSL 1.0.2 (starting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [02 Nov 2017]
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
==
Severity: Moderate
There is a carry propagating bug in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 Feb 2017]
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Severity: High
During a renegotiation handshake if the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [26 Jan 2017]
Truncated packet could crash via OOB read (CVE-2017-3731)
=
Severity: Moderate
If an SSL/TLS server or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [10 Nov 2016]
ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
==
Severity: High
TLS connections using *-CHACHA20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [26 Sep 2016]
This security update addresses issues that were caused by patches
included in our previous security update, released on 22nd September
2016. Given the Critical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
=
Severity: High
A malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
==
Severity: High
This issue affected versions of OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [1st March 2016]
=
NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as
well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of
SSLv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [28th Jan 2016]
=
NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO
SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES
ONLY ARE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]
=
[Updated 4 Dec 2015]: This advisory has been updated to include the details of
CVE-2015-1794, a Low severity issue affecting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3 Dec 2015]
===
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During certificate verification, OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [11 Jun 2015]
===
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Mar 2015]
===
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
=
Severity: High
If a client connects to an OpenSSL 1.0.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [08 Jan 2015]
===
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===
Severity: Moderate
A carefully crafted DTLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [15 Oct 2014]
===
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 Aug 2014]
Information leak in pretty printing functions (CVE-2014-3508)
=
A flaw in OBJ_obj2txt may cause pretty
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
Resend: first version contained characters which could cause signature failure.
SSL/TLS MITM vulnerability (CVE-2014-0224
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM vulnerability (CVE-2014-0224)
===
An attacker using a carefully crafted handshake can force the use of weak
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
==
A missing bounds check in the handling of the TLS heartbeat extension can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [05 Feb 2013]
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
Nadhem Alfardan and Kenny Paterson have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [10 May 2012]
===
Invalid TLS/DTLS record attack (CVE-2012-2333)
===
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Apr 2012]
===
ASN1 BIO vulnerability (CVE-2012-2110)
===
A potentially exploitable vulnerability has been discovered in the OpenSSL
function
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [12 Mar 2012]
===
CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [18 Jan 2011]
===
DTLS DoS attack (CVE-2012-0050)
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [04 Jan 2012]
===
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
==
Nadhem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 September 2011]
Two security flaws have been fixed in OpenSSL 1.0.0e
CRL verification vulnerability in OpenSSL
=
Under certain circumstances OpenSSL's internal certif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
==
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
==
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [2 December 2010]
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [16 November 2010]
TLS extension parsing race condition.
=
A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [25-Mar-2009]
Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.
ASN1 printing crash
===
The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
===
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a
-BEGIN PGP SIGNED MESSAGE-
OpenSSL Security Advisory [12-Oct-2007]
OpenSSL Vulnerabilities
- ---
Vulnerability A
- ---
Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which
could lead to the compromise of clients and servers with
OpenSSL Security Advisory [19 February 2003]
Timing-based attacks on SSL/TLS with CBC encryption
===
CONTENTS
- Vulnerability
- Source code patch [*]
- Acknowledgement
- References
[*] OpenSSL 0.9.6i and OpenSSL 0.9.7a do not require this
OpenSSL Security Advisory [10 July 2001]
WEAKNESS OF THE OpenSSL PRNG IN VERSIONS UP TO OpenSSL 0.9.6a
-
CONTENTS:
- Synopsis
- Detailed problem description
- Solution
- Impact
- Source code patch [*]
- Acknowledgement
80 matches
Mail list logo