- openssl_1.1.1f-1ubuntu2 ()
- 1.1.1f-1ubuntu2.24
- 2025-04-28 09:00:09
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause an application compiled with OpenSSL to crash, resulting in a denial of service. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause an application compiled with OpenSSL to crash, resulting in a denial of service. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0002-kpatch-adapt-DirectoryString-is-a-CHOICE-type-and-th.patch
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause an application compiled with OpenSSL to crash, resulting in a denial of service. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause an application compiled with OpenSSL to crash, resulting in a denial of service. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0005-Add-a-test-for-GENERAL_NAME_cmp.patch
- CVE CVE-2021-23840, CVSSv2 Score: 7.5
- Description:
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases $
- Patch: openssl/1.1.1f/CVE-2021-23840.patch
- CVE CVE-2021-23841, CVSSv2 Score: 5.9
- Description:
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors tha$
- Patch: openssl/1.1.1f/CVE-2021-23841.patch
- CVE CVE-2021-23840, CVSSv2 Score: 7.5
- Description:
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases $
- Patch: openssl/1.1.1f/adapt-CVE-2021-23840.patch
- CVE CVE-2021-3449, CVSSv2 Score: 5.9
- Description:
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.
- Patch: openssl/1.1.1f/CVE-2021-3449-1.patch
- CVE CVE-2021-3449, CVSSv2 Score: 5.9
- Description:
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extensio$
- Patch: openssl/1.1.1f/CVE-2021-3449-2.patch
- CVE CVE-2021-3449, CVSSv2 Score: 5.9
- Description:
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extensio$
- Patch: openssl/1.1.1f/CVE-2021-3449-3.patch
- CVE CVE-2021-3449, CVSSv2 Score: 5.9
- Description:
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extensio$
- Patch: openssl/1.1.1f/CVE-2021-3449-4.patch
- CVE N/A, CVSSv2 Score:
- Description:
- Patch: openssl/1.1.1f/lp-1926254-1-Allow-certificates-with-Basic-Constraints-CA-fa.patch
- CVE N/A, CVSSv2 Score:
- Description:
- Patch: openssl/1.1.1f/lp-1926254-2-Set-X509_V_ERR_INVALID_EXTENSION-error-for-inva.patch
- CVE N/A, CVSSv2 Score:
- Description:
- Patch: openssl/1.1.1f/lp-1926254-3-Add-test-cases-for-the-non-CA-certificate-with-.patch
- CVE CVE-2021-3711, CVSSv2 Score: N/A
- Description:
Correctly calculate the length of SM2 plaintext given the ciphertext
- Patch: openssl/1.1.1f/CVE-2021-3711.patch
- CVE CVE-2021-3712, CVSSv2 Score: N/A
- Description:
Fix ASN.1 string length handling (read buffer overruns when processing ASN.1 strings that are not NUL terminated)
- Patch: openssl/1.1.1f/CVE-2021-3712.patch
- CVE CVE-2022-0778, CVSSv2 Score: 7.5
- Description:
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters
- Patch: openssl/1.1.1f/CVE-2022-0778-1.patch
- CVE CVE-2022-0778, CVSSv2 Score: 7.5
- Description:
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters
- Patch: openssl/1.1.1f/CVE-2022-0778-2.patch
- CVE CVE-2022-0778, CVSSv2 Score: 7.5
- Description:
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters
- Patch: openssl/1.1.1f/CVE-2022-0778-3.patch
- CVE CVE-2022-4450, CVSSv2 Score: 5.9
- Description:
Double free after calling PEM_read_bio_ex
- Patch: openssl/1.1.1f/CVE-2022-4450-1.patch
- CVE CVE-2022-4450, CVSSv2 Score: 5.9
- Description:
Double free after calling PEM_read_bio_ex
- Patch: openssl/1.1.1f/CVE-2022-4450-2.patch
- CVE CVE-2023-0215, CVSSv2 Score: 5.9
- Description:
Use-after-free following BIO_new_NDEF
- Patch: openssl/1.1.1f/CVE-2023-0215-1.patch
- CVE CVE-2023-0215, CVSSv2 Score: 5.9
- Description:
Use-after-free following BIO_new_NDEF
- Patch: openssl/1.1.1f/CVE-2023-0215-2.patch
- CVE CVE-2023-0286, CVSSv2 Score: 7.4
- Description:
X.400 address type confusion in X.509 GeneralName
- Patch: openssl/1.1.1f/CVE-2023-0286.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/1.1.1f/CVE-2023-0464-1.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/1.1.1f/CVE-2023-0464-1.adapt.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/1.1.1f/CVE-2023-0464-2.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/1.1.1f/CVE-2023-0464-3.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
Invalid certificate policies in leaf certificates are silently ignored
- Patch: openssl/1.1.1f/CVE-2023-0465-1.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
Invalid certificate policies in leaf certificates are silently ignored
- Patch: openssl/1.1.1f/CVE-2023-0465-2.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
Invalid certificate policies in leaf certificates are silently ignored
- Patch: openssl/1.1.1f/CVE-2023-0465-3.patch
- CVE CVE-2022-4304, CVSSv2 Score: 5.9
- Description:
Timing attack in the RSA decryption implementation
- Patch: openssl/1.1.1f/CVE-2022-4304-1.patch
- CVE CVE-2022-4304, CVSSv2 Score: 5.9
- Description:
Timing attack in the RSA decryption implementation
- Patch: openssl/1.1.1f/CVE-2022-4304-2.patch
- CVE CVE-2023-2650, CVSSv2 Score: 5.9
- Description:
A possible denial of service while translating ASN.1 object identifiers
- Patch: openssl/1.1.1f/CVE-2023-2650.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/1.1.1f/CVE-2023-3446.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/1.1.1f/adapt-CVE-2023-3446.patch
- CVE CVE-2023-3817, CVSSv2 Score: 5.3
- Description:
Skip checking q properties in DH_check() if it is obviously invalid
- Patch: openssl/1.1.1f/CVE-2023-3817.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/1.1.1f/CVE-2023-5678.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/1.1.1f/CVE-2023-5678-adapt.patch
- CVE CVE-2024-0727, CVSSv2 Score: 3.3
- Description:
Setting ContentInfo fields to null, despite valid "type", may cause null dereference error, risking denial of service
- Patch: openssl/1.1.1f/CVE-2024-0727.patch
- CVE CVE-2024-2511, CVSSv2 Score: 3.7
- Description:
A flaw was found in OpenSSL. A malicious client can trigger unbounded memory growth in TLSv1.3 session handling on the server, resulting in a denial of service
- Patch: openssl/1.1.1f/CVE-2024-2511.patch
- CVE CVE-2024-4741, CVSSv2 Score: 5.6
- Description:
A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.
- Patch: openssl/1.1.1f/CVE-2024-4741.patch
- CVE CVE-2024-5535, CVSSv2 Score: 5.9
- Description:
A flaw was found in OpenSSL. Affected versions are vulnerable to information exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behaviour or a crash by exploiting a buffer overread that occurs when the function is called with a zero-length client list.
- Patch: openssl/1.1.1f/CVE-2024-5535.patch
- CVE CVE-2024-9143, CVSSv2 Score: 4.3
- Description:
Low-level invalid GF(2^m) parameters lead to OOB memory access
- Patch: openssl/1.1.1w/CVE-2024-9143.patch
- CVE CVE-2024-13176, CVSSv2 Score: 4.7
- Description:
Timing side-channel in ECDSA signature computation
- Patch: openssl/1.1.1f/CVE-2024-13176.patch
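The records above are as much a machine-readable feed as a human changelog, and the useful question for a practitioner is usually "which CVEs does this patch level cover, and is anything on my advisory list missing?". The following Python parser is an added example, not part of this page and not tooling from OpenSSL or the patch vendor. It groups the "- CVE / - Description / - Patch" records by CVE (or by the Launchpad bug id for the "CVE N/A" entries), flags descriptions that were cut off with the trailing "$" seen above, and reports which upstream version tree each patch path comes from (note the one 1.1.1w path in a 1.1.1f package). The sample input is a constructed excerpt of the list above; the `missing_cves` helper and the required-CVE list passed to it are assumptions for illustration.

```python
"""Parse the '- CVE ..., CVSSv2 Score: ...' / '- Description:' / '- Patch: ...'
record format used by this patch list into one summary per CVE.

Added example; not the page's own tooling and not OpenSSL or vendor code.
"""
import re
from dataclasses import dataclass, field

CVE_LINE = re.compile(r"^- CVE (?P<cve>\S+), CVSSv2 Score:\s*(?P<score>.*?)\s*$")
PATCH_LINE = re.compile(r"^- Patch:\s*(?P<path>\S+)\s*$")
TRUNCATED = "$"  # this page shows cut-off descriptions with a trailing '$'


@dataclass
class Entry:
    key: str                  # CVE id, or lp-NNNNNN bug id for 'CVE N/A' records
    score: str                # score string as printed ('5.9', 'N/A' or '')
    description: str          # description with the truncation marker removed
    patches: list = field(default_factory=list)
    truncated: bool = False   # True when the description ended in '$'


def _key_for(cve, path):
    """Use the CVE id; for 'N/A' fall back to the Launchpad bug id in the path."""
    if cve != "N/A":
        return cve
    m = re.search(r"lp-\d+", path)
    return m.group(0) if m else path


def parse_patch_list(text):
    """Group consecutive CVE/Description/Patch records by CVE (or LP bug)."""
    entries = {}
    cve = score = None
    desc, in_desc = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = CVE_LINE.match(line)
        if m:
            cve, score = m.group("cve"), m.group("score")
            desc, in_desc = [], False
            continue
        if line == "- Description:":
            in_desc = True
            continue
        m = PATCH_LINE.match(line)
        if m:
            if cve is None:
                raise ValueError("patch line before any CVE line: %r" % line)
            path = m.group("path")
            joined = " ".join(desc).strip()
            entry = entries.setdefault(
                _key_for(cve, path),
                Entry(_key_for(cve, path), score,
                      joined.rstrip(TRUNCATED).rstrip(),
                      truncated=joined.endswith(TRUNCATED)))
            entry.patches.append(path)
            in_desc = False
            continue
        if in_desc and line:
            desc.append(line.strip())
    return list(entries.values())


def covered_cves(entries):
    """Sorted CVE ids present in the list (LP-only entries are excluded)."""
    return sorted(e.key for e in entries if e.key.startswith("CVE-"))


def missing_cves(entries, required):
    """Hypothetical check: which of an advisory list's CVEs are not covered."""
    have = set(covered_cves(entries))
    return sorted(c for c in required if c not in have)


def patch_tree_versions(entries):
    """Map each openssl/<version>/ directory to the patch paths taken from it,
    so a patch pulled from a different upstream release is easy to spot."""
    versions = {}
    for e in entries:
        for p in e.patches:
            m = re.match(r"openssl/([^/]+)/", p)
            versions.setdefault(m.group(1) if m else "?", []).append(p)
    return versions


# Constructed excerpt of the list on this page (two patches for one CVE, one
# 'CVE N/A' Launchpad entry, and one patch taken from the 1.1.1w tree).
SAMPLE = """\
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
- CVE CVE-2020-1971, CVSSv2 Score: 5.9
- Description:
A null pointer dereference flaw was found in openssl. Th$
- Patch: openssl/1.1.1/CVE-2020-1971/0005-Add-a-test-for-GENERAL_NAME_cmp.patch
- CVE N/A, CVSSv2 Score:
- Description:
- Patch: openssl/1.1.1f/lp-1926254-1-Allow-certificates-with-Basic-Constraints-CA-fa.patch
- CVE CVE-2024-9143, CVSSv2 Score: 4.3
- Description:
Low-level invalid GF(2^m) parameters lead to OOB memory access
- Patch: openssl/1.1.1w/CVE-2024-9143.patch
"""

if __name__ == "__main__":
    entries = parse_patch_list(SAMPLE)
    for e in entries:
        flag = " (description truncated)" if e.truncated else ""
        print("%-14s score=%-4s patches=%d%s" % (e.key, e.score or "-", len(e.patches), flag))
    print("covered:", covered_cves(entries))
    print("missing:", missing_cves(entries, ["CVE-2024-9143", "CVE-2022-0778"]))
    print("patch trees:", sorted(patch_tree_versions(entries)))
```

To use it on the real page, feed the whole list (the header lines before the first "- CVE" record are ignored) and compare `covered_cves` against the CVE ids in your own advisory tracking; entries flagged `truncated` are the ones whose description needs to be read from the upstream advisory rather than from this page.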