OpenSSL

OpenSSL

300 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 0.84%
  • Veröffentlicht 27.01.2026 16:16:34
  • Zuletzt bearbeitet 12.05.2026 13:17:26

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an applicatio...

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 27.01.2026 16:16:33
  • Zuletzt bearbeitet 12.05.2026 13:17:24

Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact su...

Medienbericht
  • EPSS 0.4%
  • Veröffentlicht 27.01.2026 16:16:15
  • Zuletzt bearbeitet 02.02.2026 18:37:19

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memo...

Medienbericht
  • EPSS 0.15%
  • Veröffentlicht 27.01.2026 16:16:15
  • Zuletzt bearbeitet 12.05.2026 13:17:24

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corrupt...

Medienbericht
  • EPSS 0.52%
  • Veröffentlicht 27.01.2026 16:16:14
  • Zuletzt bearbeitet 20.03.2026 14:16:13

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer ...

Medienbericht Exploit
  • EPSS 47.62%
  • Veröffentlicht 27.01.2026 16:16:14
  • Zuletzt bearbeitet 30.06.2026 03:16:46

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentiall...

Medienbericht
  • EPSS 0.75%
  • Veröffentlicht 27.01.2026 16:16:14
  • Zuletzt bearbeitet 02.02.2026 18:38:00

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termina...

Medienbericht
  • EPSS 0.18%
  • Veröffentlicht 27.01.2026 16:16:14
  • Zuletzt bearbeitet 02.02.2026 18:37:39

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-sho...

Medienbericht
  • EPSS 1.74%
  • Veröffentlicht 30.09.2025 14:15:41
  • Zuletzt bearbeitet 02.06.2026 14:16:40

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an a...

Medienbericht
  • EPSS 2.23%
  • Veröffentlicht 30.09.2025 14:15:41
  • Zuletzt bearbeitet 02.06.2026 14:16:40

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit A...