CVE-2021-3711
- EPSS 2.75%
- Published 24.08.2021 15:15:09
- Last modified 21.11.2024 06:22:12
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...
CVE-2021-3712
- EPSS 0.82%
- Published 24.08.2021 15:15:09
- Last modified 21.11.2024 06:22:13
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...
CVE-2020-1971
- EPSS 0.34%
- Published 08.12.2020 16:15:11
- Last modified 21.11.2024 05:11:45
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
CVE-2019-1559
- EPSS 5.05%
- Published 27.02.2019 23:29:00
- Last modified 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...