OpenSSL — Vulnerabilities & Security Advisories (99)

Browse all 99 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSSL is an open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, primarily used to encrypt network traffic for web servers, email systems, and other internet services. Its widespread adoption makes it a critical infrastructure component, yet its complexity has historically led to numerous vulnerabilities. Common flaw classes include buffer overflows, memory corruption issues, and logic errors that can facilitate remote code execution or denial of service attacks. Notable incidents, such as the Heartbleed bug, exposed sensitive memory data, highlighting risks associated with complex cryptographic implementations. With approximately 99 recorded CVEs, the project emphasizes rigorous code auditing and timely patching to mitigate these risks. Developers must maintain strict version control and apply updates promptly to ensure secure communications, as unpatched instances remain vulnerable to exploitation by malicious actors seeking to intercept or manipulate data in transit.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31790 | Incorrect Failure Handling in RSA KEM RSASVE Encapsulation — OpenSSL | CWE-754 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-31789 | Heap Buffer Overflow in Hexadecimal Conversion — OpenSSL | CWE-787 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28390 | Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo — OpenSSL | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28389 | Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo — OpenSSL | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28388 | NULL Pointer Dereference When Processing a Delta CRL — OpenSSL | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28387 | Potential Use-after-free in DANE Client Code — OpenSSL | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28386 | Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support — OpenSSL | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group — OpenSSL | CWE-757 | 5.3 | - | 2026-03-13 |
| CVE-2026-22796 | ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function — OpenSSL | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22795 | Missing ASN1_TYPE validation in PKCS#12 parsing — OpenSSL | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69420 | Missing ASN1_TYPE validation in TS_RESP_verify_response() function — OpenSSL | CWE-754 | 6.2 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-69421 | NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function — OpenSSL | CWE-476 | 6.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-69419 | Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion — OpenSSL | CWE-787 | 7.8 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69418 | Unauthenticated/unencrypted trailing bytes with low-level OCB function calls — OpenSSL | CWE-325 | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2025-68160 | Heap out-of-bounds write in BIO_f_linebuffer on short writes — OpenSSL | CWE-787 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-66199 | TLS 1.3 CompressedCertificate excessive memory allocation — OpenSSL | CWE-789 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-15469 | 'openssl dgst' one-shot codepath silently truncates inputs >16MB — OpenSSL | CWE-347 | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2025-15468 | NULL dereference in SSL_CIPHER_find() function on unknown cipher ID — OpenSSL | CWE-476 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-15467 | Stack buffer overflow in CMS (Auth)EnvelopedData parsing — OpenSSL | CWE-787 | 9.8 | - | 2026-01-27 |
| CVE-2025-11187 | Improper validation of PBMAC1 parameters in PKCS#12 MAC verification — OpenSSL | CWE-787 | 8.8 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling — OpenSSL | CWE-125 | 7.5 (AI) | High (AI) | 2025-09-30 |
| CVE-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM — OpenSSL | CWE-385 | 5.9 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap — OpenSSL | CWE-125 | 9.1 (AI) | Critical (AI) | 2025-09-30 |
| CVE-2025-4575 | The x509 application adds trusted use instead of rejected use — OpenSSL | CWE-295 | 7.5 (AI) | High (AI) | 2025-05-22 |
| CVE-2024-12797 | RFC7250 handshakes with unauthenticated servers don't abort as expected — OpenSSL | CWE-392 | 7.4 | - | 2025-02-11 |
| CVE-2024-13176 | Timing side-channel in ECDSA signature computation — OpenSSL | CWE-385 | 4.7 | - | 2025-01-20 |
| CVE-2024-4741 | Use After Free with SSL_free_buffers — OpenSSL | CWE-416 | 9.8 | - | 2024-11-13 |
| CVE-2024-9143 | Low-level invalid GF(2^m) parameters lead to OOB memory access — OpenSSL | CWE-125 | 9.8 | - | 2024-10-16 |
| CVE-2024-6119 | Possible denial of service in X.509 name checks — OpenSSL | CWE-843 | 7.5 (AI) | High (AI) | 2024-09-03 |
| CVE-2024-5535 | SSL_select_next_proto buffer overread — OpenSSL | CWE-125 | 9.1 (AI) | Critical (AI) | 2024-06-27 |

This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.