
OpenSSL — Vulnerabilities & Security Advisories (99)

Browse all 99 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSSL is an open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, primarily used to encrypt network traffic for web servers, email systems, and other internet services. Its widespread adoption makes it a critical infrastructure component, yet its complexity has historically led to numerous vulnerabilities. Common flaw classes include buffer overflows, memory corruption issues, and logic errors that can facilitate remote code execution or denial of service attacks. Notable incidents, such as the Heartbleed bug, exposed sensitive memory data, highlighting risks associated with complex cryptographic implementations. With approximately 99 recorded CVEs, the project emphasizes rigorous code auditing and timely patching to mitigate these risks. Developers must maintain strict version control and apply updates promptly to ensure secure communications, as unpatched instances remain vulnerable to exploitation by malicious actors seeking to intercept or manipulate data in transit.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-4603 | Excessive time spent checking DSA keys and parameters — OpenSSL | CWE-606 | 7.5 (AI) | High (AI) | 2024-05-16 |
| CVE-2023-6237 | Excessive time spent checking invalid RSA public keys — OpenSSL | CWE-606 | 7.5 | - | 2024-04-25 |
| CVE-2024-2511 | Unbounded memory growth with session handling in TLSv1.3 — OpenSSL | CWE-1325 | 7.5 (AI) | High (AI) | 2024-04-08 |
| CVE-2024-0727 | PKCS12 Decoding crashes — OpenSSL | CWE-476 | 6.5 | - | 2024-01-26 |
| CVE-2023-6129 | POLY1305 MAC implementation corrupts vector registers on PowerPC — OpenSSL | CWE-440 | 9.8 (AI) | Critical (AI) | 2024-01-09 |
| CVE-2023-5678 | Excessive time spent in DH check / generation with large Q parameter value — OpenSSL | CWE-606 | 5.3 | - | 2023-11-06 |
| CVE-2023-5363 | Incorrect cipher key & IV length processing — OpenSSL | CWE-684 | 5.3 | - | 2023-10-24 |
| CVE-2023-4807 | POLY1305 MAC implementation corrupts XMM registers on Windows — OpenSSL | CWE-440 | 9.8 | - | 2023-09-08 |
| CVE-2023-3817 | Excessive time spent checking DH q parameter value — OpenSSL | CWE-606 | 7.5 | - | 2023-07-31 |
| CVE-2023-3446 | Excessive time spent checking DH keys and parameters — OpenSSL | CWE-606 | 7.5 | - | 2023-07-19 |
| CVE-2023-2975 | AES-SIV implementation ignores empty associated data entries — OpenSSL | CWE-354 | 7.5 | - | 2023-07-14 |
| CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers — OpenSSL | | 7.5 | - | 2023-05-30 |
| CVE-2023-1255 | Input buffer over-read in AES-XTS implementation on 64 bit ARM — OpenSSL | | 7.5 | - | 2023-04-20 |
| CVE-2023-0466 | Certificate policy check not enabled — OpenSSL | | 5.3 | - | 2023-03-28 |
| CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored — OpenSSL | | 6.5 | - | 2023-03-28 |
| CVE-2023-0464 | Excessive Resource Usage Verifying X.509 Policy Constraints — OpenSSL | | 7.5 | - | 2023-03-22 |
| CVE-2022-4203 | X.509 Name Constraints Read Buffer Overflow — OpenSSL | | 4.9 | - | 2023-02-24 |
| CVE-2022-4304 | Timing Oracle in RSA Decryption — OpenSSL | | 5.9 | - | 2023-02-08 |
| CVE-2022-4450 | Double free after calling PEM_read_bio_ex — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0215 | Use-after-free following BIO_new_NDEF — OpenSSL | | 9.1 | - | 2023-02-08 |
| CVE-2023-0216 | Invalid pointer dereference in d2i_PKCS7 functions — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0217 | NULL dereference validating DSA public key — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName — OpenSSL | | 9.1 | - | 2023-02-08 |
| CVE-2023-0401 | NULL dereference during PKCS7 data verification — OpenSSL | | 7.5 | - | 2023-02-08 |
| CVE-2022-3996 | X.509 Policy Constraints Double Locking — OpenSSL | CWE-667 | 7.5 | - | 2022-12-13 |
| CVE-2022-3786 | X.509 Email Address Variable Length Buffer Overflow — OpenSSL | | 7.5 | - | 2022-11-01 |
| CVE-2022-3602 | X.509 Email Address 4-byte Buffer Overflow — OpenSSL | | 9.1 | - | 2022-11-01 |
| CVE-2022-3358 | Using a Custom Cipher with NID_undef may lead to NULL encryption — OpenSSL | | 7.5 | - | 2022-10-11 |
| CVE-2022-2097 | AES OCB fails to encrypt some bytes — OpenSSL | | 5.3 | - | 2022-07-05 |
| CVE-2022-2274 | RSA implementation bug in AVX512IFMA instructions — OpenSSL | | 9.8 | - | 2022-07-01 |

This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.