Browse all 99 CVE security advisories affecting OpenSSL. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenSSL is an open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, primarily used to encrypt network traffic for web servers, email systems, and other internet services. Its widespread adoption makes it a critical infrastructure component, yet its complexity has historically led to numerous vulnerabilities. Common flaw classes include buffer overflows, memory corruption issues, and logic errors that can facilitate remote code execution or denial-of-service attacks. Notable incidents, such as the Heartbleed bug, exposed sensitive memory data, highlighting risks associated with complex cryptographic implementations. With approximately 99 recorded CVEs, the project emphasizes rigorous code auditing and timely patching to mitigate these risks. Developers must maintain strict version control and apply updates promptly to ensure secure communications, as unpatched instances remain vulnerable to exploitation by malicious actors seeking to intercept or manipulate data in transit.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-0733 | Incorrect CRYPTO_memcmp on HP-UX PA-RISC — OpenSSL | 5.9 | - | 2018-03-27 |
| CVE-2016-8610 | OpenSSL resource management error vulnerability — OpenSSL, CWE-400 | 7.5 | - | 2017-11-13 |
| CVE-2017-3733 | Encrypt-Then-Mac renegotiation crash — OpenSSL | 7.5 | - | 2017-05-04 |
| CVE-2017-3732 | BN_mod_exp may produce incorrect results on x86_64 — OpenSSL | 5.9 | - | 2017-05-04 |
| CVE-2017-3731 | Truncated packet could crash via OOB read — OpenSSL | 5.9 | - | 2017-05-04 |
| CVE-2017-3730 | Bad (EC)DHE parameters cause a client crash — OpenSSL | 7.5 | - | 2017-05-04 |
| CVE-2016-7054 | ChaCha20/Poly1305 heap-buffer-overflow — OpenSSL | 7.5 | - | 2017-05-04 |
| CVE-2016-7053 | CMS Null dereference — OpenSSL | 7.5 | - | 2017-05-04 |
This page lists every published CVE security advisory associated with OpenSSL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.