OpenSSL — Vulnerabilities & Security Advisories (99)

Browse all 99 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSSL is an open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, primarily used to encrypt network traffic for web servers, email systems, and other internet services. Its widespread adoption makes it a critical infrastructure component, yet its complexity has historically led to numerous vulnerabilities. Common flaw classes include buffer overflows, memory corruption issues, and logic errors that can facilitate remote code execution or denial of service attacks. Notable incidents, such as the Heartbleed bug, exposed sensitive memory data, highlighting risks associated with complex cryptographic implementations. With approximately 99 recorded CVEs, the project emphasizes rigorous code auditing and timely patching to mitigate these risks. Developers must maintain strict version control and apply updates promptly to ensure secure communications, as unpatched instances remain vulnerable to exploitation by malicious actors seeking to intercept or manipulate data in transit.

Found 98 results / 99
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2068 | The c_rehash script allows command injection — OpenSSL | 9.8 | - | 2022-06-21 |
| CVE-2022-1473 | Resource leakage when decoding certificates and keys — OpenSSL | 7.5 | - | 2022-05-03 |
| CVE-2022-1434 | Incorrect MAC key used in the RC4-MD5 ciphersuite — OpenSSL | 5.9 | - | 2022-05-03 |
| CVE-2022-1343 | OCSP_basic_verify may incorrectly verify the response signing certificate — OpenSSL | 9.1 | - | 2022-05-03 |
| CVE-2022-1292 | The c_rehash script allows command injection — OpenSSL | 9.8 | - | 2022-05-03 |
| CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates — OpenSSL | 7.5 | - | 2022-03-15 |
| CVE-2021-4160 | BN_mod_exp may produce incorrect results on MIPS — OpenSSL | 5.9 | - | 2022-01-28 |
| CVE-2021-4044 | Invalid handling of X509_verify_cert() internal errors in libssl — OpenSSL | 7.5 | - | 2021-12-14 |
| CVE-2021-3712 | Read buffer overruns processing ASN.1 strings — OpenSSL | 7.4 | - | 2021-08-24 |
| CVE-2021-3711 | SM2 Decryption Buffer Overflow — OpenSSL | 9.8 | - | 2021-08-24 |
| CVE-2021-3450 | CA certificate check bypass with X509_V_FLAG_X509_STRICT — OpenSSL | 9.1 | - | 2021-03-25 |
| CVE-2021-3449 | NULL pointer deref in signature_algorithms processing — OpenSSL | 5.9 | - | 2021-03-25 |
| CVE-2021-23841 | Null pointer deref in X509_issuer_and_serial_hash() — OpenSSL | 5.9 | - | 2021-02-16 |
| CVE-2021-23840 | Integer overflow in CipherUpdate — OpenSSL | 7.5 | - | 2021-02-16 |
| CVE-2021-23839 | Incorrect SSLv2 rollback protection — OpenSSL | 7.5 | - | 2021-02-16 |
| CVE-2020-1971 | EDIPARTYNAME NULL pointer dereference — OpenSSL | 5.9 | - | 2020-12-08 |
| CVE-2020-1968 | Raccoon attack — OpenSSL | 5.9 | - | 2020-09-09 |
| CVE-2020-1967 | Segmentation fault in SSL_check_chain — OpenSSL | 7.5 | - | 2020-04-21 |
| CVE-2019-1551 | rsaz_512_sqr overflow bug on x86_64 — OpenSSL | 9.1 | - | 2019-12-06 |
| CVE-2019-1563 | Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey — OpenSSL | 3.7 | - | 2019-09-10 |
| CVE-2019-1549 | Fork Protection — OpenSSL | 4.0 | - | 2019-09-10 |
| CVE-2019-1547 | ECDSA remote timing attack — OpenSSL | 5.9 | - | 2019-09-10 |
| CVE-2019-1552 | Windows builds with insecure path defaults — OpenSSL | 5.5 | - | 2019-07-30 |
| CVE-2019-1543 | ChaCha20-Poly1305 with long nonces — OpenSSL | 7.4 | - | 2019-03-06 |
| CVE-2019-1559 | 0-byte record padding oracle — OpenSSL | 3.7 | - | 2019-02-27 |
| CVE-2018-0734 | Timing attack against DSA — OpenSSL | 5.9 | - | 2018-10-30 |
| CVE-2018-0735 | Timing attack against ECDSA signature generation — OpenSSL | 7.5 | - | 2018-10-29 |
| CVE-2018-0732 | Client DoS due to large DH parameter — OpenSSL | 7.5 | - | 2018-06-12 |
| CVE-2018-0737 | Cache timing vulnerability in RSA Key Generation — OpenSSL | 5.9 | - | 2018-04-16 |
| CVE-2018-0739 | Constructed ASN.1 types with a recursive definition could exceed the stack — OpenSSL | 7.5 | - | 2018-03-27 |

This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.