Vulnerabilities > Openssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-1255 | Out-of-bounds Read vulnerability in Openssl Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. | 5.9 |
| 2023-02-24 | CVE-2022-4203 | Out-of-bounds Read vulnerability in Openssl A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. | 4.9 |
| 2023-02-08 | CVE-2022-4304 | Unspecified vulnerability in Openssl A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. | 5.9 |
| 2023-02-08 | CVE-2022-4450 | Double Free vulnerability in Openssl The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. | 7.5 |
| 2023-02-08 | CVE-2023-0215 | Use After Free vulnerability in Openssl The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. | 7.5 |
| 2023-02-08 | CVE-2023-0216 | NULL Pointer Dereference vulnerability in Openssl An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. | 7.5 |
| 2023-02-08 | CVE-2023-0217 | NULL Pointer Dereference vulnerability in Openssl An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. | 7.5 |
| 2023-02-08 | CVE-2023-0286 | Type Confusion vulnerability in Openssl There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. | 7.4 |
| 2023-02-08 | CVE-2023-0401 | NULL Pointer Dereference vulnerability in Openssl A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. | 7.5 |
| 2022-11-01 | CVE-2022-3602 | Classic Buffer Overflow vulnerability in multiple products A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. | 7.5 |