Browse all 4 CVE security advisories affecting OpenSSL Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The OpenSSL Software Foundation develops the widely-used OpenSSL toolkit that provides secure communication through SSL/TLS protocols for internet applications. Historically, common vulnerabilities include remote code execution, buffer overflows, and denial-of-service flaws, with the 2014 Heartbleed bug being a critical remote memory disclosure incident affecting two-thirds of internet servers. Despite its critical role in internet security, OpenSSL has faced scrutiny for limited resources and slow patch processes. The foundation maintains an open-source model with community contributions, though its small team has struggled to keep pace with complex code auditing needs. Currently, four active CVEs highlight ongoing security challenges in maintaining this essential cryptographic library.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-3737 | OpenSSL buffer error vulnerability — OpenSSL | 5.9 | - | 2017-12-07 |
| CVE-2017-3738 | OpenSSL information disclosure vulnerability — OpenSSL | 5.9 | - | 2017-12-07 |
| CVE-2017-3736 | OpenSSL information disclosure vulnerability — OpenSSL | 6.5 | - | 2017-11-02 |
| CVE-2017-3735 | OpenSSL buffer error vulnerability — OpenSSL | 5.3 | - | 2017-08-28 |
This page lists every published CVE security advisory associated with OpenSSL Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.