Vulnerabilities > Openssl
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-03-28 | CVE-2023-0465 | Improper Certificate Validation vulnerability in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL, and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function. | 5.3
2023-03-28 | CVE-2023-0466 | Improper Certificate Validation vulnerability in OpenSSL. The function `X509_VERIFY_PARAM_add0_policy()` is documented to implicitly enable the certificate policy check when doing certificate verification. | 5.3
2023-03-22 | CVE-2023-0464 | Improper Certificate Validation vulnerability in OpenSSL. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | 7.5
2023-02-24 | CVE-2022-4203 | Out-of-bounds Read vulnerability in OpenSSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. | 4.9
2023-02-08 | CVE-2022-4304 | Information Exposure Through Discrepancy vulnerability in multiple products. A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. | 5.9
2023-02-08 | CVE-2022-4450 | Double Free vulnerability in multiple products. The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. | 7.5
2023-02-08 | CVE-2023-0215 | Use After Free vulnerability in multiple products. The public API function `BIO_new_NDEF` is a helper function used for streaming ASN.1 data via a BIO. | 7.5
2023-02-08 | CVE-2023-0216 | NULL Pointer Dereference vulnerability in multiple products. An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the `d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions. The result of the dereference is an application crash which could lead to a denial of service attack. | 7.5
2023-02-08 | CVE-2023-0217 | NULL Pointer Dereference vulnerability in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key with the `EVP_PKEY_public_check()` function. | 7.5
2023-02-08 | CVE-2023-0286 | Type Confusion vulnerability in multiple products. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. | 7.4