- openssl-3.0.7-17.el9_2
- 3.2.2-6.el9_5.1
- 2025-06-02 15:37:58
- CVE CVE-2023-2975, CVSSv2 Score: 5.3
- Description:
AES-SIV implementation ignores empty associated data entries
- Patch: openssl/3.0.7/CVE-2023-2975.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DH keys and parameters
- Patch: openssl/3.0.7/CVE-2023-3446.patch
- CVE CVE-2023-3817, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DH q parameter value
- Patch: openssl/3.0.7/CVE-2023-3817.patch
- CVE CVE-2023-5363, CVSSv2 Score: 7.5
- Description:
Fix incorrect cipher key and IV length processing
- Patch: openssl/3.0.7/CVE-2023-5363.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
Excessive time spent in DH check / generation with large Q parameter value
- Patch: openssl/3.0.7/CVE-2023-5678.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678-adapt.patch
- CVE CVE-2023-6237, CVSSv2 Score: 5.9
- Description:
Excessive time spent checking invalid RSA public keys
- Patch: openssl/3.0.7/CVE-2023-6237.patch
- CVE CVE-2024-0727, CVSSv2 Score: 5.5
- Description:
PKCS12 Decoding crashes
- Patch: openssl/3.0.7/CVE-2024-0727.patch
- CVE CVE-2024-2511, CVSSv2 Score: 3.7
- Description:
Unbounded memory growth with session handling in TLSv1.3
- Patch: openssl/3.0.2/CVE-2024-2511.patch
- CVE CVE-2024-4603, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DSA keys and parameters
- Patch: openssl/3.0.2/CVE-2024-4603.patch
- CVE CVE-2024-4741, CVSSv2 Score: 5.6
- Description:
Use After Free with SSL_free_buffers
- Patch: openssl/3.0.2/CVE-2024-4741.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Fix SSL_select_next_proto
- Patch: openssl/3.0.15/CVE-2024-5535-1.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - More correctly handle a selected_len of 0 when processing NPN
- Patch: openssl/3.0.15/CVE-2024-5535-2.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Add a test for SSL_select_next_proto
- Patch: openssl/3.0.15/CVE-2024-5535-3-adapted-rhel9-307.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Allow an empty NPN/ALPN protocol list in the tests
- Patch: openssl/3.0.15/CVE-2024-5535-4.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Correct return values for tls_construct_stoc_next_proto_neg
- Patch: openssl/3.0.15/CVE-2024-5535-5.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Add ALPN validation in the client
- Patch: openssl/3.0.15/CVE-2024-5535-6.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Add a test for SSL_select_next_proto
- Patch: openssl/3.0.15/CVE-2024-5535-7-adapted-rhel9-307.patch
- CVE CVE-2024-5535, CVSSv2 Score: 9.1
- Description:
SSL_select_next_proto buffer overread - Add a test for an empty NextProto message
- Patch: openssl/3.0.15/CVE-2024-5535-8.patch
- CVE CVE-2024-6119, CVSSv2 Score: 5.9
- Description:
Possible denial of service in X.509 name checks
- Patch: openssl/3.0.7/0136-CVE-2024-6119.patch