openssl-libs (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package openssl-libs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2024-5535 — CVSS 9.1 (critical): Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or…
CVE-2026-45447 — CVSS 8.8 (high): Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification…
CVE-2022-0778 — CVSS 7.5 (high): The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli…
CVE-2022-4450 — CVSS 7.5 (high): The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the…
CVE-2023-0215 — CVSS 7.5 (high): The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to…
CVE-2024-4741 — CVSS 7.5 (high): Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some…
CVE-2025-9230 — CVSS 7.5 (high): Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read…
CVE-2023-0286 — CVSS 7.4 (high): There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an…
CVE-2025-69419 — CVSS 7.4 (high): Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2022-4304 — CVSS 5.9 (medium): A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a…
CVE-2023-3446 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2022-2097 — CVSS 5.3 (medium): AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under…
CVE-2023-5678 — CVSS 5.3 (medium): Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact…
CVE-2023-3817 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…