Search CVE reports
1 – 10 of 304 results
Some fixes available 3 of 5
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 3 of 5
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 3 of 16
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 16
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 17
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 14
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not affected | Not affected | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes,...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pyopenssl | Fixed | Not affected | Not affected | Not affected |
Some fixes available 3 of 7
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pyopenssl | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 1 of 2
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not affected | Not affected | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |