- EPSS 44.88%
- Veröffentlicht 01.07.2022 08:15:07
- Zuletzt bearbeitet 21.11.2024 07:00:40
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption w...
- EPSS 95.76%
- Veröffentlicht 21.06.2022 15:15:09
- Zuletzt bearbeitet 03.11.2025 22:15:58
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022...
- EPSS 83.22%
- Veröffentlicht 03.05.2022 16:15:18
- Zuletzt bearbeitet 13.08.2025 14:15:28
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut...
CVE-2022-1343
- EPSS 1.17%
- Veröffentlicht 03.05.2022 16:15:18
- Zuletzt bearbeitet 05.05.2025 17:17:34
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the res...
CVE-2022-1434
- EPSS 1.03%
- Veröffentlicht 03.05.2022 16:15:18
- Zuletzt bearbeitet 21.11.2024 06:40:43
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being s...
CVE-2022-1473
- EPSS 2.39%
- Veröffentlicht 03.05.2022 16:15:18
- Zuletzt bearbeitet 05.05.2025 17:17:34
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically de...
CVE-2022-0778
- EPSS 70.56%
- Veröffentlicht 15.03.2022 17:15:08
- Zuletzt bearbeitet 14.04.2026 10:16:21
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...
CVE-2021-4160
- EPSS 3.8%
- Veröffentlicht 28.01.2022 22:15:15
- Zuletzt bearbeitet 21.11.2024 06:37:02
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlik...
CVE-2021-4044
- EPSS 50.1%
- Veröffentlicht 14.12.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:36:47
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return ...
CVE-2021-3711
- EPSS 87.82%
- Veröffentlicht 24.08.2021 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:12
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...