-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [27th June 2024]
==
SSL_select_next_proto buffer overread (CVE-2024-5535)
=
Severity: Low
Issue summary: Calling the OpenSSL API
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28th May 2024]
=
Use After Free with SSL_free_buffers (CVE-2024-4741)
Severity: Low
Issue summary: Calling the OpenSSL API
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16th May 2024]
=
Excessive time spent checking DSA keys and parameters (CVE-2024-4603)
=
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16th May 2024]
=
Excessive time spent checking DSA keys and parameters (CVE-2023-3446)
=
Severity: Low
Issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [01 November 2022]
X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602)
==
Severity: High
A buffer overrun can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [11 October 2022]
===
Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [5 July 2022]
===
Heap memory corruption with RSA private key operation (CVE-2022-2274)
=
Severity: High
The OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 June 2022]
The c_rehash script allows command injection (CVE-2022-2068)
Severity: Moderate
In addition to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [03 May 2022]
===
The c_rehash script allows command injection (CVE-2022-1292)
Severity: Moderate
The c_rehash script
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [15 March 2022]
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28 January 2022]
===
BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
Severity: Moderate
There is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [14 December 2021]
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [24 August 2021]
==
SM2 Decryption Buffer Overflow (CVE-2021-3711)
==
Severity: High
In order to decrypt SM2 encrypted data an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [25 March 2021]
=
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
Severity: High
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 February 2021]
Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
Severity: Moderate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [08 December 2020]
EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
==
Severity: High
The X.509 GeneralName type is a
t; > Is the description of the attack publicly available?
> >> >
> >> > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote:
> >> >>
> >> >> -BEGIN PGP SIGNED MESSAGE-
> >> >> Hash: SHA512
> >> >>
> >>
r paper very soon (today).
>>
>> Regards, Mark
>>
>> On Wed, Sep 9, 2020 at 1:45 PM Dmitry Belyavsky wrote:
>> >
>> > Is the description of the attack publicly available?
>> >
>> > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote:
>> >>
&
e attack publicly available?
> >
> > On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote:
> >>
> >> -BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA512
> >>
> >> OpenSSL Security Advisory [09 September 2020]
> &
AGE-
>> Hash: SHA512
>>
>> OpenSSL Security Advisory [09 September 2020]
>> =
>>
>> Raccoon Attack (CVE-2020-1968)
>> ==
>>
>> Severity: Low
>>
>> The Raccoon atta
Is the description of the attack publicly available?
On Wed, Sep 9, 2020 at 3:39 PM OpenSSL wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> OpenSSL Security Advisory [09 September 2020]
> =
>
> Raccoon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [09 September 2020]
=
Raccoon Attack (CVE-2020-1968)
==
Severity: Low
The Raccoon attack exploits a flaw in the TLS specification which can lead to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 April 2020]
=
Segmentation fault in SSL_check_chain (CVE-2020-1967)
=
Severity: High
Server or client applications that call
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [6 December 2019]
===
rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)
===
Severity: Low
There is an overflow bug in the x64_64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [10 September 2019]
=
ECDSA remote timing attack (CVE-2019-1547)
==
Severity: Low
Normally in OpenSSL EC groups always have a co-factor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [30 July 2019]
Windows builds with insecure path defaults (CVE-2019-1552)
==
Severity: Low
OpenSSL has internal defaults
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [6 March 2019]
ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
==
Severity: Low
ChaCha20-Poly1305 is an AEAD cipher, and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [26 February 2019]
0-byte record padding oracle (CVE-2019-1559)
Severity: Moderate
If an application encounters a fatal protocol
OpenSSL Security Advisory [12 November 2018]
Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
===
Severity: Low
OpenSSL ECC scalar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [12 June 2018]
Client DoS due to large DH parameter (CVE-2018-0732)
Severity: Low
During key agreement in a TLS handshake
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 Apr 2018]
Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Severity: Low
The OpenSSL RSA Key
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [27 Mar 2018]
Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739
32 matches
Mail list logo