pkg:Debian/openssl
共 347 筆 CVECRITICAL19HIGH83MEDIUM87LOW6
✅ 檢查你的版本
所有已知漏洞
- from 0, < 1.0.1e-2+deb7u5
- from 0, < 1.0.1g-1
- CRITICAL9.8CVE-2026-31789Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platfor…from 0, < 3.0.19-1~deb12u2
- from 0, < 3.0.7-1
- from 0, < 3.0.4-2
- from 0, < 1.1.1d-0+deb10u7
- from 0, < 1.1.1k-1+deb11u1
- from 0, < 0.9.8g-15+lenny11
- from 0, < 0.9.8k-6
- CRITICAL9.8CVE-2016-6303Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of…from 0, < 1.0.2i-1
- CRITICAL9.8CVE-2016-2182The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote att…from 0, < 1.0.2i-1
- from 0, < 1.0.1t-1+deb8u4
- from 0, < 1.0.1t-1+deb7u1
- from 0, < 1.0.2i-1
- CRITICAL9.8CVE-2016-2108The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a deni…from 0, < 1.0.2c-1
- CRITICAL9.8CVE-2016-2842The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memo…from 0, < 1.0.2g-1
- CRITICAL9.8CVE-2016-0799The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, wh…from 0, < 1.0.2g-1
- CRITICAL9.8CVE-2016-0705Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g…from 0, < 1.0.2g-1
- CRITICAL9.8CVE-2003-0545Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…from 0, < 0.9.7c
- CRITICAL9.1CVE-2024-5535Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or…from 0, < 1.1.1w-0+deb11u2
- from 0, < 3.0.8-1
- from 0, < 3.0.18-1~deb12u2
- from 0, < 3.0.18-1~deb12u2
- HIGH8.1CVE-2026-28387Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE…from 0
- HIGH7.5CVE-2026-31790Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memor…from 0, < 3.0.19-1~deb12u2
- HIGH7.5CVE-2026-28390Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happe…from 0
- HIGH7.5CVE-2026-28389Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen.from 0
- HIGH7.5CVE-2026-28388Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the r…from 0
- HIGH7.5CVE-2026-28386Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds…from 0, < 3.6.2-1
- HIGH7.5CVE-2025-69421Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.from 0, < 1.1.1w-0+deb11u5
- HIGH7.5CVE-2025-69420Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accesse…from 0, < 1.1.1w-0+deb11u5
- from 0, < 1.1.1w-0+deb11u4
- from 0, < 1.1.1w-0+deb11u4
- from 0, < 3.0.17-1~deb12u3
- HIGH7.5CVE-2024-4741Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situatio…from 0, < 1.1.1w-0+deb11u2
- from 0, < 3.0.14-1~deb12u2
- from 0, < 3.0.14-1~deb12u2
- from 0, < 3.0.11-1~deb12u2
- from 0, < 3.0.11-1~deb12u2
- from 0, < 1.1.1n-0+deb11u5
- from 0, < 1.1.1n-0+deb10u5
- from 0, < 1.1.1n-0+deb11u5
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 3.0.8-1
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 3.0.8-1
- from 0, < 3.0.8-1
- from 0, < 3.0.7-2
- from 0, < 3.0.7-1
- from 0, < 3.0.7-1
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 1.1.1n-0+deb10u4
- from 0, < 1.1.1k-1+deb11u2
- from 0, < 1.1.1j-1
- from 0, < 1.1.0l-1~deb9u3
- from 0, < 1.1.1d-0+deb10u3
- from 0, < 1.1.1g-1
- from 0, < 1.0.1t-1+deb8u9
- from 0, < 1.1.1-1
- from 0, < 1.1.0j-1~deb9u1
- HIGH7.5CVE-2016-8610A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined process…from 0, < 1.0.2j-1
- HIGH7.5CVE-2017-3733During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa)…from 0, < 1.1.0e-1
- HIGH7.5CVE-2017-3731If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that ser…from 0, < 1.1.0d-1
- HIGH7.5CVE-2017-3730In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the c…from 0, < 1.1.0d-1
- HIGH7.5CVE-2016-7054In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger…from 0, < 1.1.0c-1
- HIGH7.5CVE-2016-7053In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference.from 0, < 1.1.0c-1
- HIGH7.5CVE-2016-7052crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application cra…from 0, < 1.0.2j-1
- HIGH7.5CVE-2016-6304Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a…from 0, < 1.0.2i-1
- HIGH7.5CVE-2016-6302The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket len…from 0, < 1.0.2i-1
- HIGH7.5CVE-2016-2181The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a…from 0, < 1.0.2i-1
- HIGH7.5CVE-2016-2179The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-orde…from 0, < 1.0.2i-1
- HIGH7.5CVE-2016-2180The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in Open…from 0, < 1.0.2i-1
- HIGH7.5CVE-2016-2109The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h a…from 0, < 1.0.2h-1
- HIGH7.5CVE-2016-2106Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote a…from 0, < 1.0.2h-1
- from 0, < 1.0.1e-2+deb7u21
- from 0, < 1.0.1k-3+deb8u5
- from 0, < 1.0.2h-1
- HIGH7.5CVE-2000-1254crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it ea…from 0, < 0.9.6-1
- HIGH7.5CVE-2016-0798Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to c…from 0, < 1.0.2g-1
- HIGH7.5CVE-2016-0797Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap…from 0, < 1.0.2g-1
- from 0, < 1.0.2e-1
- from 0, < 1.0.1e-2+deb7u18
- HIGH7.5CVE-2015-3193The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by t…from 0, < 1.0.2e-1
- HIGH7.5CVE-2015-1789The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before…from 0, < 1.0.2b-1
- HIGH7.5CVE-2008-0166OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable…from 0, < 0.9.8g-9
- HIGH7.5CVE-2005-2946The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorith…from 0, < 0.9.8-1
- from 0, < 0.9.6c-2.woody.6
- from 0, < 0.9.7d-1
- HIGH7.4CVE-2025-69419Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name c…from 0, < 1.1.1w-0+deb11u5
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 1.1.1k-1+deb11u1
- from 0, < 1.1.0l-1~deb9u4
- from 0, < 1.1.1k-1
- from 0, < 1.1.1c-1
- from 0, < 1.1.0k-1~deb9u1
- HIGH7.4CVE-2014-0224OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, wh…from 0, < 1.0.1h-1
- from 0, < 1.1.1n-0+deb11u3
- from 0, < 1.1.1n-0+deb10u3
- from 0, < 1.1.0l-1~deb9u6
- from 0, < 1.1.1n-0+deb10u2
- from 0, < 1.1.1n-0+deb11u2
- MEDIUM6.5CVE-2026-2673Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group config…from 0, < 3.5.5-1~deb13u2
- MEDIUM6.5CVE-2025-9231Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implement…from 0, < 3.5.1-1+deb13u1
- MEDIUM6.5CVE-2025-4575Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.from 0, < 3.5.0-2
- MEDIUM6.5CVE-2023-6129Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applic…from 0, < 3.0.13-1~deb12u1
- MEDIUM6.5CVE-2023-2650Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.from 0, < 1.1.1n-0+deb11u5
- from 0, < 1.0.1t-1+deb7u4
- from 0, < 1.0.1t-1+deb8u8
- from 0, < 1.1.0h-1
- MEDIUM6.5CVE-2017-3736There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g.from 0, < 1.1.0g-1
- MEDIUM6.5CVE-2015-1793The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic…from 0, < 1.0.2d-1
- from 0, < 3.4.1-1
- MEDIUM6.1CVE-2025-11187Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer o…from 0, < 3.5.4-1~deb13u2
- MEDIUM5.9CVE-2025-66199Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without che…from 0, < 3.5.4-1~deb13u2
- MEDIUM5.9CVE-2025-15468Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite…from 0, < 3.5.4-1~deb13u2
- MEDIUM5.9CVE-2025-9232Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment v…from 0, < 3.0.17-1~deb12u3
- MEDIUM5.9CVE-2023-6237Issue summary: Checking excessively long invalid RSA public keys may take a long time.from 0, < 3.0.13-1~deb12u1
- MEDIUM5.9CVE-2024-2511Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary…from 0, < 1.1.1w-0+deb11u2
- MEDIUM5.9CVE-2023-1255Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the inp…from 0, < 3.0.9-1
- from 0, < 1.1.1n-0+deb11u4
- from 0, < 1.1.1k-1+deb11u2
- from 0, < 1.1.1d-0+deb10u8
- from 0, < 1.1.1k-1
- from 0, < 1.1.1d-0+deb10u6
- from 0, < 1.1.1j-1
- from 0, < 1.1.1d-0+deb10u4
- from 0, < 1.1.1i-1
- from 0, < 1.1.0l-1~deb9u2
- from 0, < 1.1.0b-2
- from 0, < 1.0.1t-1+deb8u11
- MEDIUM5.9CVE-2018-0734The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.from 0, < 1.1.1a-1
- from 0, < 1.0.1t-1+deb8u10
- from 0, < 1.1.1a-1
- MEDIUM5.9CVE-2018-0737The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.from 0, < 1.1.0h-3
- MEDIUM5.9CVE-2018-0733Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of e…from 0, < 1.1.0h-1
- MEDIUM5.9CVE-2017-3738There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.from 0, < 1.1.0h-1
- from 0, < 1.1.0b-2
- MEDIUM5.9CVE-2016-7055There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c tha…from 0, < 1.1.0c-1
- MEDIUM5.9CVE-2017-3732There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d.from 0, < 1.1.0d-1
- MEDIUM5.9CVE-2016-6306The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-b…from 0, < 1.0.2i-1
- MEDIUM5.9CVE-2016-2107The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding che…from 0, < 1.0.2h-1
- MEDIUM5.9CVE-2016-0704An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.…from 0, < 1.0.0c-2
- MEDIUM5.9CVE-2016-0703The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.…from 0, < 1.0.0c-2
- MEDIUM5.9CVE-2016-0800The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify m…from 0, < 1.0.0c-2
- from 0, < 0.9.8o-4squeeze23
- from 0, < 1.0.0c-2
- from 0, < 1.0.1f-1
- from 0, < 1.0.1e-2+deb7u19
- MEDIUM5.5CVE-2026-22795Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.from 0, < 1.1.1w-0+deb11u5
- MEDIUM5.5CVE-2025-15469Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and report…from 0, < 3.5.4-1~deb13u2
- from 0, < 1.1.1w-0+deb11u2
- from 0, < 1.0.2a-1
- from 0, < 1.0.1t-1+deb8u6
- from 0, < 1.0.1t-1+deb7u2
- MEDIUM5.5CVE-2016-2178The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations…from 0, < 1.0.2i-1
- MEDIUM5.3CVE-2026-22796Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is…from 0, < 1.1.1w-0+deb11u5
- MEDIUM5.3CVE-2025-27587OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of…from 0
- MEDIUM5.3CVE-2024-4603Issue summary: Checking excessively long DSA keys or parameters may be very slow.from 0, < 3.0.14-1~deb12u1
- from 0, < 1.1.1w-0+deb11u2
- from 0, < 1.1.1n-0+deb11u6
- from 0, < 1.1.1w-0+deb11u2
- MEDIUM5.3CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow.from 0, < 1.1.1v-0~deb11u1
- from 0, < 1.1.1v-0~deb11u1
- from 0, < 1.1.1n-0+deb10u6
- MEDIUM5.3CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenti…from 0, < 3.0.10-1~deb12u1
- MEDIUM5.3CVE-2023-0466The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verific…from 0, < 1.1.1n-0+deb11u5
- MEDIUM5.3CVE-2023-0465Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent cer…from 0, < 1.1.1n-0+deb11u5
- from 0, < 1.1.0l-1~deb9u5
- from 0, < 1.1.1d-0+deb10u5
- from 0, < 1.1.1e-1
- from 0, < 1.1.1d-1
- from 0, < 1.0.1t-1+deb7u3
- from 0, < 1.1.0g-1
- from 0, < 1.0.1t-1+deb8u7
- from 0, < 1.0.2e-1
- from 0, < 0.9.8o-4squeeze22
- from 0, < 1.0.2g-1
- from 0, < 1.0.1e-2+deb7u20
- from 0, < 1.1.1w-0+deb11u5
- from 0, < 1.1.1w-0+deb11u5
- from 0, < 1.1.1d-1
- from 0, < 1.0.1t-1+deb8u12
- from 0, < 1.1.0l-1~deb9u1
- MEDIUM4.7CVE-2018-5407Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…from 0, < 1.1.1~~pre9-1
- MEDIUM4.3CVE-2024-9143Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-…from 0, < 1.1.1w-0+deb11u2
- from 0, < 1.1.1w-0+deb11u3
- from 0, < 1.1.1w-0+deb11u3
- MEDIUM4.0CVE-2025-69418Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is no…from 0, < 1.1.1w-0+deb11u5
- from 0, < 1.0.0d-1
- from 0, < 1.1.0c-1
- LOW3.7CVE-2019-1563In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sendin…from 0, < 1.1.1d-1
- LOW3.7CVE-2016-0701The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for…from 0, < 1.0.2f-2
- from 0, < 1.0.2b-1
- from 0, < 1.0.1j-1
- —CVE-2015-3196ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes t…from 0, < 1.0.2d-1
- —CVE-2015-1794The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segm…from 0, < 1.0.2e-1
- —CVE-2015-1792The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1…from 0, < 1.0.2b-1
- —CVE-2015-1791Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.…from 0, < 1.0.2b-1
- —CVE-2015-1790The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 befo…from 0, < 1.0.2b-1
- —CVE-2015-1788The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.…from 0, < 1.0.2b-1
- from 0, < 1.0.1e-2+deb7u17
- from 0, < 0.9.8o-4squeeze21
- from 0, < 1.0.1h-1
- —CVE-2015-0293The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attacke…from 0, < 1.0.0c-2
- —CVE-2015-0292Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za,…from 0, < 1.0.1h-1
- —CVE-2015-0289The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly ha…from 0, < 1.0.1k-2
- —CVE-2015-0288The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 befo…from 0, < 1.0.1k-2
- —CVE-2015-0287The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 befo…from 0, < 1.0.1k-2
- —CVE-2015-0286The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.…from 0, < 1.0.1k-2
- from 0, < 1.0.1k-2
- from 0, < 0.9.8o-4squeeze20
- from 0, < 1.0.1e-2+deb7u15
- —CVE-2015-0206Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers…from 0, < 1.0.1k-1
- —CVE-2015-0205The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a…from 0, < 1.0.1k-1
- —CVE-2015-0204The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL s…from 0, < 1.0.1k-1
- —CVE-2014-8275OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows…from 0, < 1.0.1k-1
- —CVE-2014-3572The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL s…from 0, < 1.0.1k-1
- —CVE-2014-3571OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer der…from 0, < 1.0.1k-1
- from 0, < 1.0.1k-1
- from 0, < 0.9.8o-4squeeze19
- from 0, < 1.0.1k-1
- from 0, < 1.0.1e-2+deb7u14
- —CVE-2014-3568OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remot…from 0, < 1.0.1j-1
- from 0, < 1.0.1j-1
- from 0, < 0.9.8o-4squeeze18
- from 0, < 1.0.1j-1
- from 0, < 1.0.1e-2+deb7u13
- —CVE-2014-5139The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NUL…from 0, < 1.0.1i-1
- —CVE-2014-3512Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause…from 0, < 1.0.1i-1
- —CVE-2014-3511The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS…from 0, < 1.0.1i-1
- —CVE-2014-3510The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allow…from 0, < 1.0.1i-1
- —CVE-2014-3509Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multit…from 0, < 1.0.1i-1
- —CVE-2014-3508The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pr…from 0, < 1.0.1i-1
- —CVE-2014-3507Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows re…from 0, < 1.0.1i-1
- —CVE-2014-3506d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers…from 0, < 1.0.1i-1
- from 0, < 0.9.8o-4squeeze17
- from 0, < 1.0.1e-2+deb7u12
- from 0, < 1.0.1i-1
- —CVE-2014-3470The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an an…from 0, < 1.0.1h-1
- —CVE-2014-0221The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote…from 0, < 1.0.1h-1
- from 0, < 1.0.1e-2+deb7u10
- from 0, < 1.0.1h-1
- from 0, < 1.0.1g-4
- from 0, < 1.0.1e-2+deb7u9
- from 0, < 1.0.1g-3
- from 0, < 1.0.1e-2+deb7u7
- from 0, < 1.0.1g-1
- from 0, < 0.9.8o-4squeeze15
- from 0, < 1.0.1e-2+deb7u3
- from 0, < 1.0.1f-1
- —CVE-2013-6450The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures fo…from 0, < 1.0.1e-5
- from 0, < 1.0.1e-2+deb7u1
- from 0, < 1.0.1e-5
- —CVE-2007-6755The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains poin…from 0, < 1.1.0b-2
- from 0, < 1.0.1e-1
- from 0, < 0.9.8o-4squeeze14
- from 0, < 1.0.1e-1
- —CVE-2012-2686crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows r…from 0, < 1.0.1e-1
- from 0, < 0.9.8o-4squeeze16
- from 0, < 1.0.1e-5
- —CVE-2011-5095The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter,…from 0, < 0.9.8a-1
- from 0, < 1.0.1c-1
- from 0, < 0.9.8o-4squeeze13
- from 0, < 0.9.8o-4squeeze12
- —CVE-2012-2110The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not pr…from 0, < 1.0.1a-1
- —CVE-2012-1165The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a den…from 0, < 1.0.0h-1
- —CVE-2012-0884The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restr…from 0, < 1.0.0h-1
- from 0, < 1.0.0h-1
- from 0, < 0.9.8o-4squeeze11
- —CVE-2011-4354crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving…from 0, < 0.9.8o-4squeeze3
- from 0, < 0.9.8g-15+lenny16
- from 0, < 1.0.0g-1
- —CVE-2012-0027The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attacke…from 0, < 1.0.0f-1
- —CVE-2011-4619The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restar…from 0, < 1.0.0h-1
- —CVE-2011-4577OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assert…from 0, < 1.0.0f-1
- —CVE-2011-4576The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher pad…from 0, < 1.0.0f-1
- —CVE-2011-4109Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unsp…from 0, < 1.0.0c-1
- from 0, < 1.0.0f-1
- from 0, < 0.9.8g-15+lenny15
- —CVE-2011-3210The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during p…from 0, < 1.0.0e-1
- —CVE-2011-3207crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attac…from 0, < 1.0.0e-1
- from 0, < 0.9.8g-15+lenny12
- from 0, < 1.0.0e-1
- from 0, < 0.9.8o-4squeeze1
- from 0, < 0.9.8o-5
- —CVE-2008-7270OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the ses…from 0, < 0.9.8k-1
- —CVE-2010-4180OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modifica…from 0, < 0.9.8o-4
- from 0, < 0.9.8o-3
- from 0, < 0.9.8g-15+lenny9
- from 0, < 0.9.8g-15+lenny8
- from 0, < 0.9.8o-2
- —CVE-2010-0742The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not prop…from 0, < 1.0.0e-1
- —CVE-2010-0740The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash)…from 0, < 0.9.8n-1
- —CVE-2009-3245OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2…from 0, < 0.9.8m-1
- —CVE-2010-0928OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for cer…from 0
- from 0, < 0.9.8k-8
- from 0, < 0.9.8g-15+lenny6
- from 0, < 0.9.8k-4
- from 0, < 0.9.8c-4etch9
- —CVE-2009-1387The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of…from 0, < 0.9.8k-2
- —CVE-2009-1386ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via…from 0, < 0.9.8k-1
- —CVE-2009-1379Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attack…from 0, < 0.9.8k-1
- —CVE-2009-1378Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow…from 0, < 0.9.8k-1
- —CVE-2009-1377The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of…from 0, < 0.9.8k-1
- from 0, < 0.9.8g-16
- from 0, < 0.9.8c-4etch5
- —CVE-2009-0653OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to…from 0, < 0.9.8-1
- from 0, < 0.9.8g-15
- from 0, < 0.9.8c-4etch4
- from 0, < 0.9.8g-10+lenny1
- from 0, < 0.9.8g-10.1
- —CVE-2008-1672OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchan…from 0, < 0.9.8g-10.1
- —CVE-2007-4995Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecifie…from 0, < 0.9.8f-1
- from 0, < 0.9.7e-3sarge5
- from 0, < 0.9.8e-9
- from 0, < 0.9.8e-6
- from 0, < 0.9.8c-4etch3
- —CVE-2006-3738Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspec…from 0, < 0.9.8c-2
- from 0, < 0.9.8c-2
- from 0, < 0.9.7e-3sarge4
- —CVE-2006-4343The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows rem…from 0, < 0.9.8c-2
- from 0, < 0.9.8c-2
- from 0, < 0.9.7e-3sarge2
- from 0, < 0.9.8b-3
- from 0, < 0.9.8-3
- from 0, < 0.9.6c-2.woody.8
- from 0, < 0.9.6c-2.woody.7
- from 0, < 0.9.7e-3
- —CVE-2004-0112The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…from 0, < 0.9.7d-1
- —CVE-2004-0081OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (inf…from 0, < 0.9.6d-1
- from 0, < 0.9.6c-2.woody.4
- —CVE-2003-0544OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a…from 0, < 0.9.7c
- from 0, < 0.9.7c
- —CVE-2002-1568OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to c…from 0, < 0.9.6g-1
- —CVE-2003-0147OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining fac…from 0, < 0.9.7b-1
- from 0, < 0.9.7b-1
- from 0, < 0.9.6c-2.woody.3
- from 0, < 0.9.6c-2.woody.2
- from 0, < 0.9.7a-1
- from 0, < 0.9.6e-1
- from 0, < 0.9.6c-2.woody.1
- —CVE-2002-0657Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master ke…from 0, < 0.9.6e-1
- —CVE-2002-0656Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a lar…from 0, < 0.9.6e-1
- —CVE-2002-0659The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via inval…from 0, < 0.9.6e-1
- from 0, < 0.9.6c-2.woody.1
- from 0, < 0.9.6c-2.woody.0