Openssl-src

This hub aggregates every CVE we track for Openssl-src, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openssl-src.

• CVE-2022-4203X.509 Name Constraints Read Buffer Overflow4.9Feb 24, 2023
• CVE-2022-4304Timing Oracle in RSA Decryption5.9Feb 8, 2023
• CVE-2022-4450Double free after calling PEM_read_bio_ex7.5Feb 8, 2023
• CVE-2023-0215Use-after-free following BIO_new_NDEF7.5Feb 8, 2023
• CVE-2023-0216Invalid pointer dereference in d2i_PKCS7 functions7.5Feb 8, 2023
• CVE-2023-0217NULL dereference validating DSA public key7.5Feb 8, 2023
• CVE-2023-0286X.400 address type confusion in X.509 GeneralName7.4Feb 8, 2023
• CVE-2023-0401NULL dereference during PKCS7 data verification7.5Feb 8, 2023
• CVE-2022-3996X.509 Policy Constraints Double Locking7.5Dec 13, 2022
• CVE-2022-3786X.509 Email Address Variable Length Buffer Overflow7.5Nov 1, 2022
• CVE-2022-3602X.509 Email Address 4-byte Buffer Overflow7.5Nov 1, 2022
• CVE-2022-3358Using a Custom Cipher with NID_undef may lead to NULL encryption7.5Oct 11, 2022
• CVE-2022-2097AES OCB fails to encrypt some bytes5.3Jul 5, 2022
• CVE-2022-2274RSA implementation bug in AVX512IFMA instructions9.8Jul 1, 2022
• CVE-2022-1473Resource leakage when decoding certificates and keys7.5May 3, 2022