OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung
  • EPSS 50.45%
  • Veröffentlicht 24.08.2021 15:15:09
  • Zuletzt bearbeitet 16.04.2026 15:16:45

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

  • EPSS 62.91%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

  • EPSS 18.34%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

  • EPSS 2.96%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clie...

  • EPSS 50.73%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 16.04.2026 15:16:45

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...

  • EPSS 7.47%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

  • EPSS 6.97%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 29.05.2026 16:16:20

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

  • EPSS 4.8%
  • Veröffentlicht 09.09.2020 14:15:12
  • Zuletzt bearbeitet 16.04.2026 15:16:41

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta...

Exploit
  • EPSS 53.34%
  • Veröffentlicht 21.04.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...

  • EPSS 14.3%
  • Veröffentlicht 06.12.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:36:48

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d...