OpenSSL 厂商漏洞列表 / CVE 中文分析 99

OpenSSL 厂商相关 99 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

OpenSSL 是广泛使用的开源传输层安全协议库，核心用于实现数据加密与身份认证。其历史漏洞多涉及内存破坏、逻辑缺陷及拒绝服务，极少出现远程代码执行或跨站脚本攻击。2014年“心脏出血”漏洞因读取内存敏感数据引发全球关注，凸显了代码审计的重要性。尽管已收录99条CVE，该项目仍通过持续更新维护安全性，是互联网基础设施中不可或缺的安全组件。

上位製品 OpenSSL: OpenSSL OpenSSL extension of Ruby (Git trunk)

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2024-4603	Excessive time spent checking DSA keys and parameters — OpenSSLCWE-606	7.5^AI	High^AI	2024-05-16
CVE-2023-6237	Excessive time spent checking invalid RSA public keys — OpenSSLCWE-606	7.5	-	2024-04-25
CVE-2024-2511	Unbounded memory growth with session handling in TLSv1.3 — OpenSSLCWE-1325	7.5^AI	High^AI	2024-04-08
CVE-2024-0727	PKCS12 Decoding crashes — OpenSSLCWE-476	6.5	-	2024-01-26
CVE-2023-6129	POLY1305 MAC implementation corrupts vector registers on PowerPC — OpenSSLCWE-440	9.8^AI	Critical^AI	2024-01-09
CVE-2023-5678	Excessive time spent in DH check / generation with large Q parameter value — OpenSSLCWE-606	5.3	-	2023-11-06
CVE-2023-5363	Incorrect cipher key & IV length processing — OpenSSLCWE-684	5.3	-	2023-10-24
CVE-2023-4807	POLY1305 MAC implementation corrupts XMM registers on Windows — OpenSSLCWE-440	9.8	-	2023-09-08
CVE-2023-3817	Excessive time spent checking DH q parameter value — OpenSSLCWE-606	7.5	-	2023-07-31
CVE-2023-3446	Excessive time spent checking DH keys and parameters — OpenSSLCWE-606	7.5	-	2023-07-19
CVE-2023-2975	AES-SIV implementation ignores empty associated data entries — OpenSSLCWE-354	7.5	-	2023-07-14
CVE-2023-2650	Possible DoS translating ASN.1 object identifiers — OpenSSL	7.5	-	2023-05-30
CVE-2023-1255	Input buffer over-read in AES-XTS implementation on 64 bit ARM — OpenSSL	7.5	-	2023-04-20
CVE-2023-0466	Certificate policy check not enabled — OpenSSL	5.3	-	2023-03-28
CVE-2023-0465	Invalid certificate policies in leaf certificates are silently ignored — OpenSSL	6.5	-	2023-03-28
CVE-2023-0464	Excessive Resource Usage Verifying X.509 Policy Constraints — OpenSSL	7.5	-	2023-03-22
CVE-2022-4203	X.509 Name Constraints Read Buffer Overflow — OpenSSL	4.9	-	2023-02-24
CVE-2022-4304	Timing Oracle in RSA Decryption — OpenSSL	5.9	-	2023-02-08
CVE-2022-4450	Double free after calling PEM_read_bio_ex — OpenSSL	7.5	-	2023-02-08
CVE-2023-0215	Use-after-free following BIO_new_NDEF — OpenSSL	9.1	-	2023-02-08
CVE-2023-0216	Invalid pointer dereference in d2i_PKCS7 functions — OpenSSL	7.5	-	2023-02-08
CVE-2023-0217	NULL dereference validating DSA public key — OpenSSL	7.5	-	2023-02-08
CVE-2023-0286	X.400 address type confusion in X.509 GeneralName — OpenSSL	9.1	-	2023-02-08
CVE-2023-0401	NULL dereference during PKCS7 data verification — OpenSSL	7.5	-	2023-02-08
CVE-2022-3996	X.509 Policy Constraints Double Locking — OpenSSLCWE-667	7.5	-	2022-12-13
CVE-2022-3786	X.509 Email Address Variable Length Buffer Overflow — OpenSSL	7.5	-	2022-11-01
CVE-2022-3602	X.509 Email Address 4-byte Buffer Overflow — OpenSSL	9.1	-	2022-11-01
CVE-2022-3358	Using a Custom Cipher with NID_undef may lead to NULL encryption — OpenSSL	7.5	-	2022-10-11
CVE-2022-2097	AES OCB fails to encrypt some bytes — OpenSSL	5.3	-	2022-07-05
CVE-2022-2274	RSA implementation bug in AVX512IFMA instructions — OpenSSL	9.8	-	2022-07-01

本页汇总了 OpenSSL 厂商截至目前公开的全部 99 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

OpenSSL 厂商漏洞列表 / CVE 中文分析 99

目標達成すべての支援者に感謝 — 100%達成しました！