- openssl_3.0.2-0ubuntu1.10 ()
- 3.0.2-0ubuntu1.19
- 2025-03-11 00:30:10
- CVE CVE-2023-2975, CVSSv2 Score: 5.3
- Description:
AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries
- Patch: openssl/3.0.2/CVE-2023-2975.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/3.0.2/CVE-2023-3446.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/3.0.2/CVE-2023-3446-adapt.patch
- CVE CVE-2023-3817, CVSSv2 Score: 5.3
- Description:
Skip checking q properties in DH_check() if it is obviously invalid
- Patch: openssl/3.0.2/CVE-2023-3817.patch
- CVE CVE-2023-5363, CVSSv2 Score: 5.3
- Description:
Incorrect cipher key and IV length processing
- Patch: openssl/3.0.2/CVE-2023-5363-1.patch
- CVE CVE-2023-5363, CVSSv2 Score: 5.3
- Description:
Incorrect cipher key and IV length processing
- Patch: openssl/3.0.2/CVE-2023-5363-2.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678-adapt.patch
- CVE CVE-2023-6237, CVSSv2 Score: 5.9
- Description:
A vulnerability in OpenSSL's EVP_PKEY_public_check() function for RSA public keys can lead to denial of service if it processes a key with a prime modulus from an untrusted source, causing prolonged computation
- Patch: openssl/3.0.2/CVE-2023-6237.patch
- CVE CVE-2024-0727, CVSSv2 Score: 3.3
- Description:
Setting ContentInfo fields to null, despite valid "type", may cause null dereference error, risking denial of service
- Patch: openssl/3.0.2/CVE-2024-0727.patch
- CVE CVE-2024-2511, CVSSv2 Score: 3.7
- Description:
Unbounded memory growth with session handling in TLSv1.3
- Patch: openssl/3.0.2/CVE-2024-2511.patch
- CVE CVE-2024-4603, CVSSv2 Score: 5.3
- Description:
Excessive time spent checking DSA keys and parameters
- Patch: openssl/3.0.2/CVE-2024-4603.patch
- CVE CVE-2024-4741, CVSSv2 Score: 5.6
- Description:
Use After Free with SSL_free_buffers
- Patch: openssl/3.0.2/CVE-2024-4741.patch
- CVE CVE-2024-5535, CVSSv2 Score: 5.9
- Description:
SSL_select_next_proto buffer overread
- Patch: openssl/3.0.2/CVE-2024-5535.patch
- CVE CVE-2024-6119, CVSSv2 Score: 5.9
- Description:
Possible denial of service in X.509 name checks
- Patch: openssl/3.0.2/CVE-2024-6119.patch
- CVE CVE-2024-9143, CVSSv2 Score: 4.3
- Description:
Low-level invalid GF(2^m) parameters lead to OOB memory access
- Patch: openssl/1.1.1w/CVE-2024-9143.patch
- CVE CVE-2024-13176, CVSSv2 Score: 4.7
- Description:
Timing side-channel in ECDSA signature computation
- Patch: openssl/3.0.2/CVE-2024-13176.patch