- openssl_3.0.2-0ubuntu1.8 ()
- 3.0.2-0ubuntu1.14
- 2024-04-04 18:30:09
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/3.0.2/CVE-2023-0464-1.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/3.0.2/CVE-2023-0464-1-adapt.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/3.0.2/CVE-2023-0464-2.patch
- CVE CVE-2023-0464, CVSSv2 Score: 5.9
- Description:
Denial of service by excessive resource usage in verifying X509 policy constraints
- Patch: openssl/3.0.2/CVE-2023-0464-3.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
A flaw that a malicious CA could use to deliberately assert invalid certificate policies and circumvent policy checking on the certificate altogether
- Patch: openssl/3.0.2/CVE-2023-0465-1.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
A flaw that a malicious CA could use to deliberately assert invalid certificate policies and circumvent policy checking on the certificate altogether
- Patch: openssl/3.0.2/CVE-2023-0465-2.patch
- CVE CVE-2023-0465, CVSSv2 Score: 5.3
- Description:
A flaw that a malicious CA could use to deliberately assert invalid certificate policies and circumvent policy checking on the certificate altogether
- Patch: openssl/3.0.2/CVE-2023-0465-3.patch
- CVE CVE-2023-0466, CVSSv2 Score: 5.3
- Description:
A flaw allowing certificates with invalid or incorrect policies to pass the certificate verification
- Patch: openssl/3.0.2/CVE-2023-0466.patch
- CVE CVE-2022-4304, CVSSv2 Score: 5.9
- Description:
Fix timing attack on RSA decryption
- Patch: openssl/3.0.2/CVE-2022-4304.patch.old
- CVE CVE-2022-4304, CVSSv2 Score: 5.9
- Description:
Fix timing attack on RSA decryption
- Patch: openssl/3.0.2/CVE-2022-4304.patch
- CVE CVE-2023-1255, CVSSv2 Score: 5.1
- Description:
Applications that use the AES-XTS algorithm on the 64-bit ARM platform can crash in rare circumstances
- Patch: openssl/3.0.2/CVE-2023-1255.patch
- CVE CVE-2023-2650, CVSSv2 Score: 6.5
- Description:
Possible denial of service while translating ASN.1 object identifiers
- Patch: openssl/3.0.2/CVE-2023-2650.patch
- CVE CVE-2023-2975, CVSSv2 Score: 5.3
- Description:
AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries
- Patch: openssl/3.0.2/CVE-2023-2975.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/3.0.2/CVE-2023-3446.patch
- CVE CVE-2023-3446, CVSSv2 Score: 5.3
- Description:
Fix DH_check() excessive time with oversized modulus
- Patch: openssl/3.0.2/CVE-2023-3446-adapt.patch
- CVE CVE-2023-3817, CVSSv2 Score: 5.3
- Description:
Skip checking q properties in DH_check() if it is obviously invalid
- Patch: openssl/3.0.2/CVE-2023-3817.patch
- CVE CVE-2023-5363, CVSSv2 Score: 5.3
- Description:
Incorrect cipher key and IV length processing
- Patch: openssl/3.0.2/CVE-2023-5363-1.patch
- CVE CVE-2023-5363, CVSSv2 Score: 5.3
- Description:
Incorrect cipher key and IV length processing
- Patch: openssl/3.0.2/CVE-2023-5363-2.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678.patch
- CVE CVE-2023-5678, CVSSv2 Score: 5.3
- Description:
OpenSSL flaw in long X9.42 DH keys processing may cause slowdowns, risking denial of service
- Patch: openssl/3.0.2/CVE-2023-5678-adapt.patch
- CVE CVE-2023-6129, CVSSv2 Score: 6.5
- Description:
A security flaw in OpenSSL's POLY1305 MAC implementation for PowerPC CPU platforms using vector instructions can corrupt application states, potentially causing crashes and denial of service if exploited.
- Patch: openssl/3.0.2/CVE-2023-6129.patch
- CVE CVE-2023-6237, CVSSv2 Score: 5.9
- Description:
A vulnerability in OpenSSL's EVP_PKEY_public_check() function for RSA public keys can lead to denial of service if it processes a key with a prime modulus from an untrusted source, causing prolonged computation
- Patch: openssl/3.0.2/CVE-2023-6237.patch
- CVE CVE-2024-0727, CVSSv2 Score: 3.3
- Description:
Setting ContentInfo fields to null, despite valid "type", may cause null dereference error, risking denial of service
- Patch: openssl/3.0.2/CVE-2024-0727.patch