cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-5535,https://securityvulnerability.io/vulnerability/CVE-2024-5535,Buffer Overread in SSL_select_next_proto May Lead to Loss of Confidentiality,"A buffer overread vulnerability exists in OpenSSL that may lead to the accidental exposure of up to 255 bytes of sensitive memory content when the API function SSL_select_next_proto is called with an empty list of supported client protocols. This situation is unlikely to arise under normal circumstances, as it typically requires a configuration or programming mistake. When SSL_select_next_proto is invoked incorrectly, it fails to detect this and can return invalid memory content, potentially leading to a loss of confidentiality. Primarily, this affects applications using Next Protocol Negotiation (NPN), which is less common than the more widely adopted Application Layer Protocol Negotiation (ALPN). Developers must ensure proper handling of protocol lists to avoid inadvertently exposing private data.",OpenSSL,OpenSSL,9.1,CRITICAL,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T10:30:53.118Z,0 CVE-2023-49210,https://securityvulnerability.io/vulnerability/CVE-2023-49210,Command Execution Vulnerability in OpenSSL NPM Package by OpenSSL,"A command execution vulnerability exists in the OpenSSL NPM package, which functions as a wrapper lacking real purpose. It accepts an 'opts' argument containing a 'verb' field, potentially allowing malicious users to execute arbitrary commands. This issue primarily affects legacy products that are no longer maintained, leaving them susceptible to exploitation and security breaches.",Node-OpenSSL Project,Node-OpenSSL,9.8,CRITICAL,0.001820000004954636,false,,false,false,false,,,false,false,,2023-11-23T00:00:00.000Z,0 CVE-2023-5363,https://securityvulnerability.io/vulnerability/CVE-2023-5363,Incorrect cipher key & IV length processing,"A vulnerability has been identified within OpenSSL affecting the handling of key and initialization vector (IV) lengths. This issue can lead to truncation or overrun during the initialization of various symmetric cipher modes, including RC2, RC4, RC5, CCM, GCM, and OCB. The flaw occurs when altering parameters within the OSSL_PARAM array, as changes to the key or IV lengths may go unprocessed after their establishment. In particular, a truncated IV in modes like GCM could result in IV reuse, potentially compromising confidentiality. Although the likelihood of exploitation is low due to the nature of key and IV alterations, any applications that inadvertently fall victim to this issue could face serious security implications.",OpenSSL,OpenSSL,7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0 CVE-2023-4807,https://securityvulnerability.io/vulnerability/CVE-2023-4807,POLY1305 MAC implementation corrupts XMM registers on Windows,"The POLY1305 MAC implementation in OpenSSL has a flaw that may lead to internal state corruption in applications running on the Windows 64 platform, specifically on newer X86_64 processors that support AVX512-IFMA instructions. This issue arises when the MAC algorithm is employed in applications using OpenSSL. If an attacker manages to control whether POLY1305 MAC is invoked, it could result in corrupted application state, with varying consequences depending on the application’s dependency on XMM register contents. The problematic behavior occurs when processing data larger than 64 bytes, where non-volatile XMM registers are zeroed instead of restored. While potential outcomes range from harmless to critical, most likely impacts include erroneous computations or application crashes, potentially leading to denial of service. It's noteworthy that there is currently a lack of known affected applications. Workarounds include disabling AVX512-IFMA at runtime.",OpenSSL,OpenSSL,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-08T12:15:00.000Z,0 CVE-2023-0464,https://securityvulnerability.io/vulnerability/CVE-2023-0464,Excessive Resource Usage Verifying X.509 Policy Constraints,"A vulnerability has been identified in the OpenSSL library affecting all supported versions, specifically concerning the verification of X.509 certificate chains with policy constraints. If exploited, this vulnerability can allow attackers to create a malicious certificate chain, leading to excessive computational resource usage and potentially causing denial-of-service (DoS) attacks. Policy processing is off by default but can be activated using certain command line utilities, creating a risk pathway for capable adversaries. It is crucial for organizations using OpenSSL to stay informed and apply necessary patches to mitigate this risk.",OpenSSL,OpenSSL,7.5,HIGH,0.015599999576807022,false,,false,false,true,2023-04-24T06:40:37.000Z,true,false,false,,2023-03-22T17:15:00.000Z,0 CVE-2023-0215,https://securityvulnerability.io/vulnerability/CVE-2023-0215,Use-after-free following BIO_new_NDEF,"A use-after-free vulnerability exists in the OpenSSL library's BIO_new_NDEF function. This flaw can be triggered under specific conditions, such as when an invalid CMS recipient public key is used. The BIO_new_NDEF function creates a new BIO chain and returns it while failing to properly clean up in the event of an error. This oversight allows for the original BIO to maintain pointers to a freed filter BIO. If an application subsequently calls BIO_pop() on the original BIO, it can lead to a crash, impacting various public API functions and command line utilities that rely on these BIO operations.",OpenSSL,OpenSSL,7.5,HIGH,0.006920000072568655,false,,false,false,false,,,false,false,,2023-02-08T20:15:00.000Z,0 CVE-2023-0401,https://securityvulnerability.io/vulnerability/CVE-2023-0401,NULL dereference during PKCS7 data verification,"A null pointer dereference occurs during the verification of PKCS7 signed or signedAndEnveloped data in OpenSSL. If the signature’s hash algorithm is recognized by the OpenSSL library but the necessary implementation of that algorithm is not available, the process fails during digest initialization. This situation arises often in cases where the FIPS-enabled configuration is used or when the legacy provider is not loaded. The absence of a proper check for the return value from the initialization function can lead to invalid usage of the digest API, which may result in a crash for third-party applications that rely on these functions for verifying signatures on untrusted data.",OpenSSL,OpenSSL,7.5,HIGH,0.0037400000728666782,false,,false,false,false,,,false,false,,2023-02-08T20:15:00.000Z,0 CVE-2023-0286,https://securityvulnerability.io/vulnerability/CVE-2023-0286,X.400 address type confusion in X.509 GeneralName,"A type confusion vulnerability has been identified in OpenSSL that affects how X.400 addresses are processed within an X.509 GeneralName. This issue arises due to an incorrect specification of the x400Address field type, leading to improper interpretation by the function GENERAL_NAME_cmp. When Certificate Revocation List (CRL) checking is enabled, this vulnerability allows potential attackers to manipulate memory access, which could lead to unauthorized reading of memory contents or result in a denial of service. The exploitation of this vulnerability typically requires the attacker to control both the certificate chain and CRL, although in some situations, they may only need to control one of these inputs if the other contains an X.400 address as a CRL distribution point. Thus, applications utilizing individual CRL retrieval processes are particularly susceptible to this flaw.",OpenSSL,OpenSSL,7.4,HIGH,0.004220000002533197,false,,false,false,false,,,false,false,,2023-02-08T20:15:00.000Z,0 CVE-2023-0216,https://securityvulnerability.io/vulnerability/CVE-2023-0216,Invalid pointer dereference in d2i_PKCS7 functions,"An invalid pointer dereference occurs when applications attempt to process malformed PKCS7 data using functions such as d2i_PKCS7(), d2i_PKCS7_bio(), or d2i_PKCS7_fp(). This flaw can lead to application crashes, effectively resulting in a denial of service. While the TLS implementation in OpenSSL itself does not invoke these functions, third-party applications that handle untrusted data might be at risk.",OpenSSL,OpenSSL,7.5,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-02-08T20:15:00.000Z,0 CVE-2023-0217,https://securityvulnerability.io/vulnerability/CVE-2023-0217,NULL dereference validating DSA public key,"An invalid pointer dereference can occur when the EVP_PKEY_public_check() function processes a malformed DSA public key. Should an application utilize this function with public keys from untrusted sources, it may lead to application crashes or denial of service. While the TLS implementation in OpenSSL does not invoke this function, applications meeting stringent security standards, such as FIPS 140-3, might engage the function, exposing them to potential disruptions.",OpenSSL,OpenSSL,7.5,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-02-08T20:15:00.000Z,0 CVE-2022-4450,https://securityvulnerability.io/vulnerability/CVE-2022-4450,Double free after calling PEM_read_bio_ex,"The vulnerability arises in the PEM_read_bio_ex() function of OpenSSL, which processes PEM files. If it encounters a malformed file resulting in 0 bytes of payload, it fails but still provides a pointer to a buffer that may have already been deallocated. When the caller attempts to free this buffer again, a double free condition occurs, potentially leading to application crashes. An attacker can exploit this vulnerability by supplying specially crafted PEM files, creating avenues for denial of service attacks. This issue also affects wrapper functions like PEM_read_bio() and PEM_read(), as well as other OpenSSL functions that indirectly call PEM_read_bio_ex().",OpenSSL,OpenSSL,7.5,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2023-02-08T19:04:04.874Z,0 CVE-2022-3996,https://securityvulnerability.io/vulnerability/CVE-2022-3996,X.509 Policy Constraints Double Locking,"If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.",OpenSSL,OpenSSL,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2022-12-13T15:43:06.821Z,0 CVE-2022-3602,https://securityvulnerability.io/vulnerability/CVE-2022-3602,X.509 Email Address 4-byte Buffer Overflow,"A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",OpenSSL,OpenSSL,7.5,HIGH,0.22495999932289124,false,,false,false,true,2022-11-07T07:58:36.000Z,true,false,false,,2022-11-01T00:00:00.000Z,0 CVE-2022-3786,https://securityvulnerability.io/vulnerability/CVE-2022-3786,X.509 Email Address Variable Length Buffer Overflow,"A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. ",OpenSSL,OpenSSL,7.5,HIGH,0.0012499999720603228,false,,false,false,true,2023-01-11T19:52:43.000Z,true,false,false,,2022-11-01T00:00:00.000Z,0 CVE-2022-3358,https://securityvulnerability.io/vulnerability/CVE-2022-3358,Using a Custom Cipher with NID_undef may lead to NULL encryption,"OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).",OpenSSL,OpenSSL,7.5,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2022-10-11T00:00:00.000Z,0 CVE-2022-2274,https://securityvulnerability.io/vulnerability/CVE-2022-2274,RSA implementation bug in AVX512IFMA instructions,The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.,OpenSSL,OpenSSL,9.8,CRITICAL,0.025599999353289604,false,,false,false,true,2023-02-21T01:56:51.000Z,true,false,false,,2022-07-01T08:15:00.000Z,0 CVE-2022-2068,https://securityvulnerability.io/vulnerability/CVE-2022-2068,The c_rehash script allows command injection,"In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).",OpenSSL,OpenSSL,9.8,CRITICAL,0.13880999386310577,false,,false,false,false,,,false,false,,2022-06-21T00:00:00.000Z,0 CVE-2022-1292,https://securityvulnerability.io/vulnerability/CVE-2022-1292,The c_rehash script allows command injection,"The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).",OpenSSL,OpenSSL,9.8,CRITICAL,0.05682000145316124,false,,false,false,true,2022-09-13T22:01:05.000Z,true,false,false,,2022-05-03T00:00:00.000Z,0 CVE-2022-1473,https://securityvulnerability.io/vulnerability/CVE-2022-1473,Resource leakage when decoding certificates and keys,"The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).",OpenSSL,OpenSSL,7.5,HIGH,0.005770000163465738,false,,false,false,false,,,false,false,,2022-05-03T00:00:00.000Z,0 CVE-2022-0778,https://securityvulnerability.io/vulnerability/CVE-2022-0778,Infinite loop in BN_mod_sqrt() reachable when parsing certificates,"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",OpenSSL,OpenSSL,7.5,HIGH,0.0546099990606308,false,,false,false,true,2023-10-26T04:39:44.000Z,true,false,false,,2022-03-15T00:00:00.000Z,0 CVE-2021-4044,https://securityvulnerability.io/vulnerability/CVE-2021-4044,Invalid handling of X509_verify_cert() internal errors in libssl,"Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).",OpenSSL,OpenSSL,7.5,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2021-12-14T00:00:00.000Z,0 CVE-2021-3712,https://securityvulnerability.io/vulnerability/CVE-2021-3712,Read buffer overruns processing ASN.1 strings,"ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own ""d2i"" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the ""data"" and ""length"" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the ""data"" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",OpenSSL,OpenSSL,7.4,HIGH,0.0052200001664459705,false,,false,false,false,,,false,false,,2021-08-24T00:00:00.000Z,0 CVE-2021-3711,https://securityvulnerability.io/vulnerability/CVE-2021-3711,SM2 Decryption Buffer Overflow,"In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the ""out"" parameter can be NULL and, on exit, the ""outlen"" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the ""out"" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",OpenSSL,OpenSSL,9.8,CRITICAL,0.03382999822497368,false,,false,false,false,,,false,false,,2021-08-24T00:00:00.000Z,0 CVE-2021-3450,https://securityvulnerability.io/vulnerability/CVE-2021-3450,CA certificate check bypass with X509_V_FLAG_X509_STRICT,"The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a ""purpose"" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named ""purpose"" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",OpenSSL,OpenSSL,7.4,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2021-03-25T00:00:00.000Z,0 CVE-2021-23840,https://securityvulnerability.io/vulnerability/CVE-2021-23840,Integer overflow in CipherUpdate,"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",OpenSSL,OpenSSL,7.5,HIGH,0.006940000224858522,false,,false,false,true,2023-09-11T09:24:54.000Z,true,false,false,,2021-02-16T00:00:00.000Z,0