Vulnerabilities > Openssl > Openssl > 3.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2023-0466 | Improper Certificate Validation vulnerability in Openssl The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. | 5.3 |
| 2023-03-22 | CVE-2023-0464 | Improper Certificate Validation vulnerability in Openssl A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | 7.5 |
| 2023-02-24 | CVE-2022-4203 | Out-of-bounds Read vulnerability in Openssl A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. | 4.9 |
| 2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. | 5.9 |
| 2023-02-08 | CVE-2022-4450 | Double Free vulnerability in multiple products The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. | 7.5 |
| 2023-02-08 | CVE-2023-0215 | Use After Free vulnerability in multiple products The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. | 7.5 |
| 2023-02-08 | CVE-2023-0216 | NULL Pointer Dereference vulnerability in multiple products An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. | 7.5 |
| 2023-02-08 | CVE-2023-0217 | NULL Pointer Dereference vulnerability in Openssl An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. | 7.5 |
| 2023-02-08 | CVE-2023-0286 | Type Confusion vulnerability in multiple products There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. | 7.4 |
| 2023-02-08 | CVE-2023-0401 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. | 7.5 |