Advisories for package 'openssl-src' › RustSec Advisory Database (original) (raw)

• February 7, 2023

RUSTSEC-2023-0013: Vulnerability in openssl-src

NULL dereference during PKCS7 data verification

• February 7, 2023

RUSTSEC-2023-0006: Vulnerability in openssl-src

X.400 address type confusion in X.509 GeneralName

• February 7, 2023

RUSTSEC-2023-0009: Vulnerability in openssl-src

Use-after-free following BIO_new_NDEF

• February 7, 2023

RUSTSEC-2023-0007: Vulnerability in openssl-src

Timing Oracle in RSA Decryption

• February 7, 2023

RUSTSEC-2023-0011: Vulnerability in openssl-src

Invalid pointer dereference in d2i_PKCS7 functions

• February 7, 2023

RUSTSEC-2023-0010: Vulnerability in openssl-src

Double free after calling PEM_read_bio_ex

• February 7, 2023

RUSTSEC-2023-0012: Vulnerability in openssl-src

NULL dereference validating DSA public key

• February 7, 2023

RUSTSEC-2023-0008: Vulnerability in openssl-src

X.509 Name Constraints Read Buffer Overflow

• November 1, 2022

RUSTSEC-2022-0064: Vulnerability in openssl-src

X.509 Email Address 4-byte Buffer Overflow

• November 1, 2022

RUSTSEC-2022-0065: Vulnerability in openssl-src

X.509 Email Address Variable Length Buffer Overflow

• October 11, 2022

RUSTSEC-2022-0059: Vulnerability in openssl-src

Using a Custom Cipher with NID_undef may lead to NULL encryption

• July 5, 2022

RUSTSEC-2022-0033: Vulnerability in openssl-src

Heap memory corruption with RSA private key operation

• July 5, 2022

RUSTSEC-2022-0032: Vulnerability in openssl-src

AES OCB fails to encrypt some bytes

• May 19, 2022

HIGH RUSTSEC-2022-0025: Vulnerability in openssl-src

Resource leakage when decoding certificates and keys

• May 19, 2022

MEDIUM RUSTSEC-2022-0027: Vulnerability in openssl-src

OCSP_basic_verify may incorrectly verify the response signing certificate

• May 19, 2022

MEDIUM RUSTSEC-2022-0026: Vulnerability in openssl-src

Incorrect MAC key used in the RC4-MD5 ciphersuite

• March 16, 2022

RUSTSEC-2022-0014: Vulnerability in openssl-src

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

• December 15, 2021

RUSTSEC-2021-0129: Vulnerability in openssl-src

Invalid handling of X509_verify_cert() internal errors in libssl

• August 24, 2021

HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src

Read buffer overruns processing ASN.1 strings

• August 24, 2021

CRITICAL RUSTSEC-2021-0097: Vulnerability in openssl-src

SM2 Decryption Buffer Overflow

• May 1, 2021

HIGH RUSTSEC-2021-0057: Vulnerability in openssl-src

Integer overflow in CipherUpdate

• May 1, 2021

HIGH RUSTSEC-2021-0056: Vulnerability in openssl-src

CA certificate check bypass with X509_V_FLAG_X509_STRICT

• May 1, 2021

MEDIUM RUSTSEC-2021-0058: Vulnerability in openssl-src

Null pointer deref in X509_issuer_and_serial_hash()

• May 1, 2021

MEDIUM RUSTSEC-2021-0055: Vulnerability in openssl-src

NULL pointer deref in signature_algorithms processing

• October 1, 2020

HIGH RUSTSEC-2020-0015: Vulnerability in openssl-src

Crash causing Denial of Service attack