Vulnerabilities (CVE)

Filtered by vendor Openssl Subscribe
Total 255 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2107 8 Canonical, Debian, Google and 5 more 15 Ubuntu Linux, Debian Linux, Android and 12 more 2025-04-12 2.6 LOW 5.9 MEDIUM
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2016-0797 4 Canonical, Debian, Nodejs and 1 more 4 Ubuntu Linux, Debian Linux, Node.js and 1 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
CVE-2016-6305 1 Openssl 1 Openssl 2025-04-12 5.0 MEDIUM 7.5 HIGH
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
CVE-2010-5298 4 Fedoraproject, Mariadb, Openssl and 1 more 7 Fedora, Mariadb, Openssl and 4 more 2025-04-12 4.0 MEDIUM N/A
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVE-2016-6308 1 Openssl 1 Openssl 2025-04-12 7.1 HIGH 5.9 MEDIUM
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
CVE-2016-0701 1 Openssl 1 Openssl 2025-04-12 2.6 LOW 3.7 LOW
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2025-04-12 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2015-1791 1 Openssl 1 Openssl 2025-04-12 6.8 MEDIUM N/A
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
CVE-2016-0704 1 Openssl 1 Openssl 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
CVE-2015-0293 1 Openssl 1 Openssl 2025-04-12 5.0 MEDIUM N/A
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
CVE-2015-1789 2 Openssl, Oracle 2 Openssl, Sparc-opl Service Processor 2025-04-12 4.3 MEDIUM 7.5 HIGH
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
CVE-2016-0702 4 Canonical, Debian, Nodejs and 1 more 4 Ubuntu Linux, Debian Linux, Node.js and 1 more 2025-04-12 1.9 LOW 5.1 MEDIUM
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
CVE-2014-0224 9 Fedoraproject, Filezilla-project, Mariadb and 6 more 20 Fedora, Filezilla Server, Mariadb and 17 more 2025-04-12 5.8 MEDIUM 7.4 HIGH
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVE-2015-0206 1 Openssl 1 Openssl 2025-04-12 5.0 MEDIUM N/A
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
CVE-2014-3569 1 Openssl 1 Openssl 2025-04-12 5.0 MEDIUM N/A
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
CVE-2016-2108 3 Google, Openssl, Redhat 9 Android, Openssl, Enterprise Linux Desktop and 6 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVE-2016-6306 6 Canonical, Debian, Hp and 3 more 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2014-0221 6 Fedoraproject, Mariadb, Openssl and 3 more 11 Fedora, Mariadb, Openssl and 8 more 2025-04-12 4.3 MEDIUM N/A
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
CVE-2014-3513 1 Openssl 1 Openssl 2025-04-12 7.1 HIGH N/A
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
CVE-2015-1787 1 Openssl 1 Openssl 2025-04-12 2.6 LOW N/A
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.