pkg:crates.io/openssl-src

所有已知漏洞

• CRITICAL9.8CVE-2022-3602X.509 Email Address 4-byte Buffer Overflow
  >= 300.0.0, < 300.0.11
• CRITICAL9.8CVE-2022-3602X.509 Email Address 4-byte Buffer Overflow
  >= 300.0.0, < 300.0.11
• CRITICAL9.8CVE-2022-2274Heap memory corruption with RSA private key operation
  >= 300.0.8, < 300.0.9
• CRITICAL9.8CVE-2022-2274Heap memory corruption with RSA private key operation
  >= 300.0.8, < 300.0.9
• CRITICAL9.8CVE-2021-3711openssl - security update
  >= 0.0.0-0, < 111.16.0
• CRITICAL9.8CVE-2021-3711openssl - security update
  from 0, < 111.16.0
• CRITICAL9.1CVE-2022-4203openssl-src contains Read Buffer Overflow in X.509 Name Constraint
  >= 300.0.0, < 300.0.12
• CRITICAL9.1CVE-2022-4203openssl-src contains Read Buffer Overflow in X.509 Name Constraint
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0215openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
  from 0, < 111.25.0
• HIGH7.5CVE-2023-0215openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
  >= 0.0.0-0, < 111.25.0, >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0216openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0216openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2022-4450openssl-src contains Double free after calling `PEM_read_bio_ex`
  >= 0.0.0-0, < 111.25.0, >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2022-4450openssl-src contains Double free after calling `PEM_read_bio_ex`
  from 0, < 111.25.0
• HIGH7.5CVE-2023-0217openssl-src subject to NULL dereference validating DSA public key
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0217openssl-src subject to NULL dereference validating DSA public key
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0401openssl-src contains `NULL` dereference during PKCS7 data verification
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2023-0401openssl-src contains `NULL` dereference during PKCS7 data verification
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2022-3996Denial of service by double-checked locking in openssl-src
  >= 300.0.0, < 300.0.12
• HIGH7.5CVE-2022-3786X.509 Email Address Variable Length Buffer Overflow
  >= 300.0.0, < 300.0.11
• HIGH7.5CVE-2022-3786X.509 Email Address Variable Length Buffer Overflow
  >= 300.0.0, < 300.0.11
• HIGH7.5CVE-2022-3358Using a Custom Cipher with `NID_undef` may lead to NULL encryption
  >= 300.0.0, < 300.0.10
• HIGH7.5CVE-2022-3358Using a Custom Cipher with `NID_undef` may lead to NULL encryption
  >= 300.0.0, < 300.0.10
• HIGH7.5CVE-2022-2097AES OCB fails to encrypt some bytes
  from 0, < 111.22.0
• HIGH7.5CVE-2022-2097AES OCB fails to encrypt some bytes
  >= 0.0.0-0, < 111.22.0, >= 300.0.0, < 300.0.9
• HIGH7.5CVE-2022-1473Resource leakage when decoding certificates and keys
  >= 300.0.0, < 300.0.6
• HIGH7.5CVE-2022-1473Resource leakage when decoding certificates and keys
  >= 300.0.0, < 300.0.6
• HIGH7.5CVE-2022-0778Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  >= 300.0.0, < 300.0.5
• HIGH7.5CVE-2022-0778Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  >= 0.0.0-0, < 111.18.0, >= 300.0.0, < 300.0.5
• HIGH7.5CVE-2021-4044Invalid handling of X509_verify_cert() internal errors in libssl
  >= 300.0.0, < 300.0.4
• HIGH7.5CVE-2021-4044Invalid handling of X509_verify_cert() internal errors in libssl
  >= 300.0.0, < 300.0.4
• HIGH7.5CVE-2021-23840Integer overflow in CipherUpdate
  >= 0.0.0-0, < 111.14.0
• HIGH7.5CVE-2021-23840Integer overflow in CipherUpdate
  from 0, < 111.14.0
• HIGH7.5CVE-2020-1967Null pointer deference in openssl-src
  >= 111.6.0, < 111.9.0
• HIGH7.5CVE-2020-1967Null pointer deference in openssl-src
  >= 111.6.0, < 111.9.0
• HIGH7.4CVE-2023-0286Vulnerable OpenSSL included in cryptography wheels
  from 0, < 111.25.0
• HIGH7.4CVE-2023-0286Vulnerable OpenSSL included in cryptography wheels
  >= 0.0.0-0, < 111.25.0, >= 300.0.0, < 300.0.12
• HIGH7.4CVE-2021-3712Read buffer overruns processing ASN.1 strings
  from 0, < 111.16.0
• HIGH7.4CVE-2021-3712Read buffer overruns processing ASN.1 strings
  >= 0.0.0-0, < 111.16.0
• HIGH7.4CVE-2021-3450CA certificate check bypass with X509_V_FLAG_X509_STRICT
  >= 111.11.0, < 111.15.0
• HIGH7.4CVE-2021-3450CA certificate check bypass with X509_V_FLAG_X509_STRICT
  >= 111.11.0, < 111.15.0
• MEDIUM5.9CVE-2022-4304openssl-src subject to Timing Oracle in RSA Decryption
  >= 0.0.0-0, < 111.25.0, >= 300.0.0, < 300.0.12
• MEDIUM5.9CVE-2022-4304openssl-src subject to Timing Oracle in RSA Decryption
  from 0, < 111.25.0
• MEDIUM5.9CVE-2022-1434Incorrect MAC key used in the RC4-MD5 ciphersuite
  >= 300.0.0, < 300.0.6
• MEDIUM5.9CVE-2022-1434Incorrect MAC key used in the RC4-MD5 ciphersuite
  >= 300.0.0, < 300.0.6
• MEDIUM5.9CVE-2021-3449NULL pointer deref in signature_algorithms processing
  from 0, < 111.15.0
• MEDIUM5.9CVE-2021-3449NULL pointer deref in signature_algorithms processing
  >= 0.0.0-0, < 111.15.0
• MEDIUM5.9CVE-2021-23841Null pointer deref in `X509_issuer_and_serial_hash()`
  from 0, < 111.14.0
• MEDIUM5.9CVE-2021-23841Null pointer deref in `X509_issuer_and_serial_hash()`
  >= 0.0.0-0, < 111.14.0
• MEDIUM5.3CVE-2022-1343`OCSP_basic_verify` may incorrectly verify the response signing certificate
  >= 300.0.0, < 300.0.6
• MEDIUM5.3CVE-2022-1343`OCSP_basic_verify` may incorrectly verify the response signing certificate
  >= 300.0.0, < 300.0.6