目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

OpenSSL 厂商漏洞列表 / CVE 中文分析 117

OpenSSL 厂商相关 117 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

OpenSSL 是广泛使用的开源传输层安全协议库,核心用于实现数据加密与身份认证。其历史漏洞多涉及内存破坏、逻辑缺陷及拒绝服务,极少出现远程代码执行或跨站脚本攻击。2014年“心脏出血”漏洞因读取内存敏感数据引发全球关注,凸显了代码审计的重要性。尽管已收录99条CVE,该项目仍通过持续更新维护安全性,是互联网基础设施中不可或缺的安全组件。

CVE IDタイトルCVSS深刻度公開日
CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion — OpenSSLCWE-787 7.8AIHighAI2026-01-27
CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls — OpenSSLCWE-325 9.1AICriticalAI2026-01-27
CVE-2025-68160 Heap out-of-bounds write in BIO_f_linebuffer on short writes — OpenSSLCWE-787 7.5AIHighAI2026-01-27
CVE-2025-15469 'openssl dgst' one-shot codepath silently truncates inputs >16MB — OpenSSLCWE-347 9.1AICriticalAI2026-01-27
CVE-2025-66199 TLS 1.3 CompressedCertificate excessive memory allocation — OpenSSLCWE-789 7.5AIHighAI2026-01-27
CVE-2025-15468 NULL dereference in SSL_CIPHER_find() function on unknown cipher ID — OpenSSLCWE-476 7.5AIHighAI2026-01-27
CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing — OpenSSLCWE-787 9.8 -2026-01-27
CVE-2025-11187 Improper validation of PBMAC1 parameters in PKCS#12 MAC verification — OpenSSLCWE-787 8.8AIHighAI2026-01-27
CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling — OpenSSLCWE-125 7.5AIHighAI2025-09-30
CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM — OpenSSLCWE-385 5.9AIMediumAI2025-09-30
CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap — OpenSSLCWE-125 9.1AICriticalAI2025-09-30
CVE-2025-4575 The x509 application adds trusted use instead of rejected use — OpenSSLCWE-295 7.5AIHighAI2025-05-22
CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected — OpenSSLCWE-392 7.4 -2025-02-11
CVE-2024-13176 Timing side-channel in ECDSA signature computation — OpenSSLCWE-385 4.7 -2025-01-20
CVE-2024-4741 Use After Free with SSL_free_buffers — OpenSSLCWE-416 9.8 -2024-11-13
CVE-2024-9143 Low-level invalid GF(2^m) parameters lead to OOB memory access — OpenSSLCWE-125 9.8 -2024-10-16
CVE-2024-6119 Possible denial of service in X.509 name checks — OpenSSLCWE-843 7.5AIHighAI2024-09-03
CVE-2024-5535 SSL_select_next_proto buffer overread — OpenSSLCWE-125 9.1AICriticalAI2024-06-27
CVE-2024-4603 Excessive time spent checking DSA keys and parameters — OpenSSLCWE-606 7.5AIHighAI2024-05-16
CVE-2023-6237 Excessive time spent checking invalid RSA public keys — OpenSSLCWE-606 7.5 -2024-04-25
CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3 — OpenSSLCWE-1325 7.5AIHighAI2024-04-08
CVE-2024-0727 PKCS12 Decoding crashes — OpenSSLCWE-476 6.5 -2024-01-26
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC — OpenSSLCWE-440 9.8AICriticalAI2024-01-09
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value — OpenSSLCWE-606 5.3 -2023-11-06
CVE-2023-5363 Incorrect cipher key & IV length processing — OpenSSLCWE-684 5.3 -2023-10-24
CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows — OpenSSLCWE-440 9.8 -2023-09-08
CVE-2023-3817 Excessive time spent checking DH q parameter value — OpenSSLCWE-606 7.5 -2023-07-31
CVE-2023-3446 Excessive time spent checking DH keys and parameters — OpenSSLCWE-606 7.5 -2023-07-19
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries — OpenSSLCWE-354 7.5 -2023-07-14
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers — OpenSSL 7.5 -2023-05-30

本页汇总了 OpenSSL 厂商截至目前公开的全部 117 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。