cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12797,https://securityvulnerability.io/vulnerability/CVE-2024-12797,Man-in-the-Middle Vulnerability in OpenSSL Affecting Raw Public Key Authentication,"A vulnerability exists in OpenSSL's implementation of Raw Public Key (RPK) authentication that can lead to undetected server authentication failures. When clients use RPKs to authenticate, they may not recognize that the server has not been properly verified due to improper handshake termination under specific verification modes. This can expose clients to man-in-the-middle attacks if they do not implement additional checks. Though RPKs are disabled by default, enabling them without proper verification can compromise the security of TLS and DTLS connections. Clients can mitigate this by using SSL_get_verify_result() to monitor verification outcomes.",OpenSSL,OpenSSL,6.3,MEDIUM,0.00044999999227002263,false,,true,false,true,2025-02-12T06:53:03.000Z,false,false,false,,2025-02-11T15:59:36.719Z,764
CVE-2024-13176,https://securityvulnerability.io/vulnerability/CVE-2024-13176,ECDSA Timing Side-Channel Vulnerability in OpenSSL Library,"The OpenSSL Library features a timing side-channel vulnerability that may allow attackers to recover the private key through ECDSA signature computations. This vulnerability arises when the top word of the inverted ECDSA nonce value is zero, which can be exploited under specific conditions involving low latency network connections or local access to the signing application. Particularly, this issue affects the NIST P-521 curve and presents a measurable timing signal around 300 nanoseconds, enabling the potential compromise of sensitive data.",OpenSSL,OpenSSL,4.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-20T13:29:57.047Z,86
CVE-2024-4741,https://securityvulnerability.io/vulnerability/CVE-2024-4741,Incorrect Buffer Freedom in OpenSSL May Lead to Use After Free Vulnerability,"Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a situation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",OpenSSL,,,,0.0004400000034365803,false,,true,false,false,,,false,false,,2024-11-13T11:15:00.000Z,0
CVE-2024-8933,https://securityvulnerability.io/vulnerability/CVE-2024-8933,Insecure Password Hash Retrieval via Injection into Logical Network,"CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themselves inside the logical network while a valid user uploads or downloads a project file into the controller.",OpenSSL,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T04:15:00.000Z,0
CVE-2024-9143,https://securityvulnerability.io/vulnerability/CVE-2024-9143,Out-of-Bound Memory Reads or Writes in Low-Level GF(2^m) Elliptic Curve APIs,"An issue exists with the low-level GF(2^m) elliptic curve APIs in OpenSSL, where the use of untrusted explicit values for the field polynomial may result in out-of-bounds memory reads or writes. This vulnerability can lead to application crashes and has the potential for remote code execution in specific circumstances. The impact is generally low due to the limited support for 'exotic' curve parameters in typical use cases of Elliptic Curve Cryptography (ECC). Most protocols leveraging ECC rely on named curves or X9.62 encoded binary curves that negate the possibility of invalid input values. The affected APIs, including EC_GROUP_new_curve_GF2m() and EC_GROUP_new_from_params(), are particularly relevant for applications manipulating 'exotic' binary curve parameters that could instantiate invalid field polynomials. However, the FIPS modules in versions 3.3, 3.2, 3.1, and 3.0 remain unaffected.",OpenSSL,OpenSSL,,,0.0004400000034365803,false,,true,false,true,2024-11-21T04:24:33.566Z,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-6119,https://securityvulnerability.io/vulnerability/CVE-2024-6119,Memory Access Issue in OpenSSL Affects Certificate Name Checks,"A vulnerability in OpenSSL allows applications performing certificate name checks, such as those in TLS clients, to read an invalid memory address. This may lead to an abnormal termination of the application process, potentially resulting in a denial of service. The issue arises when comparing the expected name with an 'otherName' subject alternative name of an X.509 certificate. Although basic certificate chain validation is unaffected, applications specifying an expected DNS name, Email address, or IP address are at risk. Notably, TLS servers are generally not impacted, as they typically do not perform name checks against reference identifiers. The FIPS modules in versions 3.3, 3.2, 3.1, and 3.0 remain unaffected.",OpenSSL,OpenSSL,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-03T16:15:00.000Z,0
CVE-2024-5535,https://securityvulnerability.io/vulnerability/CVE-2024-5535,Buffer Overread in SSL_select_next_proto May Lead to Loss of Confidentiality,"A buffer overread vulnerability exists in OpenSSL that may lead to the accidental exposure of up to 255 bytes of sensitive memory content when the API function SSL_select_next_proto is called with an empty list of supported client protocols. This situation is unlikely to arise under normal circumstances, as it typically requires a configuration or programming mistake. When SSL_select_next_proto is invoked incorrectly, it fails to detect this and can return invalid memory content, potentially leading to a loss of confidentiality. Primarily, this affects applications using Next Protocol Negotiation (NPN), which is less common than the more widely adopted Application Layer Protocol Negotiation (ALPN). Developers must ensure proper handling of protocol lists to avoid inadvertently exposing private data.",OpenSSL,OpenSSL,9.1,CRITICAL,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T10:30:53.118Z,0
CVE-2024-4603,https://securityvulnerability.io/vulnerability/CVE-2024-4603,Excessive delays in checking DSA keys or parameters may lead to Denial of Service attacks,"The vulnerability arises from the handling of excessively long DSA keys or parameters, which can significantly slow down applications utilizing OpenSSL. When employing the EVP_PKEY_param_check() and EVP_PKEY_public_check() functions to validate DSA public keys or DSA parameters obtained from untrusted sources, applications may become susceptible to Denial of Service (DoS) attacks due to prolonged processing times. These functions internally perform checks on DSA parameters without imposing limits on modulus sizes, potentially leading to delays when excessively large moduli are involved. Notably, while OpenSSL itself does not call these functions on untrusted DSA keys, any application directly invoking them may expose itself to this risk. The affected versions include OpenSSL 3.0 and 3.1, particularly in environments where FIPS providers are implemented.",OpenSSL,OpenSSL,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-16T15:21:20.050Z,0
CVE-2024-2467,https://securityvulnerability.io/vulnerability/CVE-2024-2467,Timing-Based Side-Channel Flaw in PKCS#1v1.5 RSA Encryption Padding Mode Could Lead to Decryption,"A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.",perl-Crypt-OpenSSL-RSA,,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2023-6237,https://securityvulnerability.io/vulnerability/CVE-2023-6237,Excessive time spent checking invalid RSA public keys,"Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",OpenSSL,OpenSSL,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T06:27:26.990Z,0
CVE-2024-2511,https://securityvulnerability.io/vulnerability/CVE-2024-2511,Unbounded Memory Growth in TLSv1.3 Sessions Due to Non-Default Server Configurations,"Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",OpenSSL,OpenSSL,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-08T13:51:12.349Z,0
CVE-2024-0727,https://securityvulnerability.io/vulnerability/CVE-2024-0727,OpenSSL Crashes Due to Maliciously Formatted PKCS12 Files,"Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",OpenSSL,OpenSSL,5.5,MEDIUM,0.0022799998987466097,false,,false,false,false,,,false,false,,2024-01-26T08:57:19.579Z,0
CVE-2023-6129,https://securityvulnerability.io/vulnerability/CVE-2023-6129,POLY1305 MAC implementation corrupts vector registers on PowerPC,"Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.",OpenSSL,OpenSSL,6.5,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2024-01-09T17:15:00.000Z,0
CVE-2023-49210,https://securityvulnerability.io/vulnerability/CVE-2023-49210,Command Execution Vulnerability in OpenSSL NPM Package by OpenSSL,"A command execution vulnerability exists in the OpenSSL NPM package, which functions as a wrapper lacking real purpose. It accepts an 'opts' argument containing a 'verb' field, potentially allowing malicious users to execute arbitrary commands. This issue primarily affects legacy products that are no longer maintained, leaving them susceptible to exploitation and security breaches.",Node-OpenSSL Project,Node-OpenSSL,9.8,CRITICAL,0.001820000004954636,false,,false,false,false,,,false,false,,2023-11-23T00:00:00.000Z,0
CVE-2023-5678,https://securityvulnerability.io/vulnerability/CVE-2023-5678,Excessive time spent in DH check / generation with large Q parameter value,"Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the ""-pubcheck"" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",OpenSSL,OpenSSL,5.3,MEDIUM,0.00139999995008111,false,,false,false,false,,,false,false,,2023-11-06T16:15:00.000Z,0
CVE-2023-5363,https://securityvulnerability.io/vulnerability/CVE-2023-5363,Incorrect cipher key & IV length processing,"A vulnerability has been identified within OpenSSL affecting the handling of key and initialization vector (IV) lengths. This issue can lead to truncation or overrun during the initialization of various symmetric cipher modes, including RC2, RC4, RC5, CCM, GCM, and OCB. The flaw occurs when altering parameters within the OSSL_PARAM array, as changes to the key or IV lengths may go unprocessed after their establishment. In particular, a truncated IV in modes like GCM could result in IV reuse, potentially compromising confidentiality. Although the likelihood of exploitation is low due to the nature of key and IV alterations, any applications that inadvertently fall victim to this issue could face serious security implications.",OpenSSL,OpenSSL,7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-4807,https://securityvulnerability.io/vulnerability/CVE-2023-4807,POLY1305 MAC implementation corrupts XMM registers on Windows,"The POLY1305 MAC implementation in OpenSSL has a flaw that may lead to internal state corruption in applications running on the Windows 64 platform, specifically on newer X86_64 processors that support AVX512-IFMA instructions. This issue arises when the MAC algorithm is employed in applications using OpenSSL. If an attacker manages to control whether POLY1305 MAC is invoked, it could result in corrupted application state, with varying consequences depending on the application’s dependency on XMM register contents. The problematic behavior occurs when processing data larger than 64 bytes, where non-volatile XMM registers are zeroed instead of restored. While potential outcomes range from harmless to critical, most likely impacts include erroneous computations or application crashes, potentially leading to denial of service. It's noteworthy that there is currently a lack of known affected applications. Workarounds include disabling AVX512-IFMA at runtime.",OpenSSL,OpenSSL,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-08T12:15:00.000Z,0
CVE-2023-3817,https://securityvulnerability.io/vulnerability/CVE-2023-3817,Excessive time spent checking DH q parameter value,"Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the ""-check"" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",OpenSSL,OpenSSL,5.3,MEDIUM,0.002630000002682209,false,,false,false,false,,,false,false,,2023-07-31T16:15:00.000Z,0
CVE-2023-3446,https://securityvulnerability.io/vulnerability/CVE-2023-3446,Excessive time spent checking DH keys and parameters,"Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",OpenSSL,OpenSSL,5.3,MEDIUM,0.0026599999982863665,false,,false,false,false,,,false,false,,2023-07-19T12:15:00.000Z,0
CVE-2023-2975,https://securityvulnerability.io/vulnerability/CVE-2023-2975,AES-SIV implementation ignores empty associated data entries,"Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.",OpenSSL,OpenSSL,5.3,MEDIUM,0.00395999988541007,false,,false,false,false,,,false,false,,2023-07-14T12:15:00.000Z,0
CVE-2023-2650,https://securityvulnerability.io/vulnerability/CVE-2023-2650,Possible DoS translating ASN.1 object identifiers,"Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.",OpenSSL,OpenSSL,6.5,MEDIUM,0.0064500002190470695,false,,false,false,true,2023-06-05T17:40:59.000Z,true,false,false,,2023-05-30T14:15:00.000Z,0
CVE-2023-1255,https://securityvulnerability.io/vulnerability/CVE-2023-1255,Input buffer over-read in AES-XTS implementation on 64 bit ARM,"Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.",OpenSSL,OpenSSL,5.9,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2023-04-20T17:15:00.000Z,0
CVE-2023-0466,https://securityvulnerability.io/vulnerability/CVE-2023-0466,Certificate policy check not enabled,"The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.",OpenSSL,OpenSSL,5.3,MEDIUM,0.0047900001518428326,false,,false,false,false,,,false,false,,2023-03-28T15:15:00.000Z,0
CVE-2023-0465,https://securityvulnerability.io/vulnerability/CVE-2023-0465,Invalid certificate policies in leaf certificates are silently ignored,"Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.",OpenSSL,OpenSSL,5.3,MEDIUM,0.004679999779909849,false,,false,false,false,,,false,false,,2023-03-28T15:15:00.000Z,0
CVE-2023-0464,https://securityvulnerability.io/vulnerability/CVE-2023-0464,Excessive Resource Usage Verifying X.509 Policy Constraints,"A vulnerability has been identified in the OpenSSL library affecting all supported versions, specifically concerning the verification of X.509 certificate chains with policy constraints. If exploited, this vulnerability can allow attackers to create a malicious certificate chain, leading to excessive computational resource usage and potentially causing denial-of-service (DoS) attacks. Policy processing is off by default but can be activated using certain command line utilities, creating a risk pathway for capable adversaries. It is crucial for organizations using OpenSSL to stay informed and apply necessary patches to mitigate this risk.",OpenSSL,OpenSSL,7.5,HIGH,0.015599999576807022,false,,false,false,true,2023-04-24T06:40:37.000Z,true,false,false,,2023-03-22T17:15:00.000Z,0