Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd libressl vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-35784
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL prior to 3.6.3 and 3.7.x prior to 3.7.3. NOTE: OpenSSL is not affected.
Openbsd Openbsd 7.2
Openbsd Libressl
Openbsd Openbsd 7.3
9.8
CVSSv3
CVE-2021-46880
x509/x509_verify.c in LibreSSL prior to 3.4.2, and OpenBSD prior to 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
Openbsd Openbsd
Openbsd Libressl
5.3
CVSSv3
CVE-2022-48437
An issue exists in x509/x509_verify.c in LibreSSL prior to 3.6.1, and in OpenBSD prior to 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there...
Openbsd Openbsd
Openbsd Libressl
5.5
CVSSv3
CVE-2021-41581
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL up to and including 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
Openbsd Libressl
7.1
CVSSv3
CVE-2019-25048
LibreSSL 2.9.1 up to and including 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Openbsd Libressl
7.1
CVSSv3
CVE-2019-25049
LibreSSL 2.9.1 up to and including 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
Openbsd Libressl
7.5
CVSSv3
CVE-2015-5333
Memory leak in the OBJ_obj2txt function in LibreSSL prior to 2.3.1 allows remote malicious users to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
Openbsd Libressl
Opensuse Opensuse 13.2
1 Article
9.8
CVSSv3
CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL prior to 2.3.1 allows remote malicious users to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerab...
Openbsd Libressl
Opensuse Opensuse 13.2
1 Article
4.7
CVSSv3
CVE-2018-12434
LibreSSL prior to 2.6.5 and 2.7.x prior to 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on...
Openbsd Libressl 2.7.0
Openbsd Libressl 2.7.3
Openbsd Libressl 2.7.2
Openbsd Libressl 2.7.1
Openbsd Libressl
7.4
CVSSv3
CVE-2018-8970
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 prior to 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle malicious users ...
Openbsd Libressl 2.7.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »