openssl-perl (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package openssl-perl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (65)
CVE-2024-5535 — CVSS 9.1 (critical): Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or…
CVE-2026-34182 — CVSS 9.1 (critical): Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length…
CVE-2026-45447 — CVSS 8.8 (high): Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification…
CVE-2025-15467 — CVSS 8.8 (high): Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer…
CVE-2026-7383 — CVSS 8.1 (high): Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…
CVE-2022-4450 — CVSS 7.5 (high): The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the…
CVE-2023-0215 — CVSS 7.5 (high): The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to…
CVE-2023-0216 — CVSS 7.5 (high): An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7()…
CVE-2023-0217 — CVSS 7.5 (high): An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the…
CVE-2026-28390 — CVSS 7.5 (high): Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can…
CVE-2022-1473 — CVSS 7.5 (high): The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash…
CVE-2022-3358 — CVSS 7.5 (high): OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was…
CVE-2022-3602 — CVSS 7.5 (high): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after…
CVE-2022-3786 — CVSS 7.5 (high): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after…
CVE-2023-0401 — CVSS 7.5 (high): A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash…
CVE-2023-0464 — CVSS 7.5 (high): A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains…
CVE-2023-5363 — CVSS 7.5 (high): Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential…
CVE-2024-4741 — CVSS 7.5 (high): Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some…
CVE-2024-6119 — CVSS 7.5 (high): Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an…
CVE-2025-69420 — CVSS 7.5 (high): Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is…
CVE-2025-69421 — CVSS 7.5 (high): Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function…
CVE-2025-9230 — CVSS 7.5 (high): Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read…
CVE-2026-31790 — CVSS 7.5 (high): Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized…
CVE-2026-34180 — CVSS 7.5 (high): Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…
CVE-2026-34183 — CVSS 7.5 (high): Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE…
CVE-2026-42764 — CVSS 7.5 (high): Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with…
CVE-2026-45445 — CVSS 7.5 (high): Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied…
CVE-2023-0286 — CVSS 7.4 (high): There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an…
CVE-2025-69419 — CVSS 7.4 (high): Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name…
CVE-2026-34181 — CVSS 7.4 (high): Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2023-6129 — CVSS 6.5 (medium): Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of…
CVE-2023-2650 — CVSS 6.5 (medium): Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary…
CVE-2024-12797 — CVSS 6.3 (medium): Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not…
CVE-2025-11187 — CVSS 6.1 (medium): Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer…
CVE-2025-15468 — CVSS 5.9 (medium): Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite…
CVE-2023-6237 — CVSS 5.9 (medium): Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function…
CVE-2025-66199 — CVSS 5.9 (medium): Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without…
CVE-2026-42766 — CVSS 5.9 (medium): Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact…
CVE-2023-1255 — CVSS 5.9 (medium): Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the…
CVE-2026-42767 — CVSS 5.9 (medium): Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client…
CVE-2024-2511 — CVSS 5.9 (medium): Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact…
CVE-2022-4304 — CVSS 5.9 (medium): A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a…
CVE-2026-22795 — CVSS 5.5 (medium): Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An…
CVE-2025-15469 — CVSS 5.5 (medium): Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and…
CVE-2024-0727 — CVSS 5.5 (medium): Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack…
CVE-2026-22796 — CVSS 5.3 (medium): Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is…
CVE-2023-0466 — CVSS 5.3 (medium): The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate…
CVE-2023-2975 — CVSS 5.3 (medium): Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are…
CVE-2023-3446 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2023-3817 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2023-5678 — CVSS 5.3 (medium): Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact…
CVE-2024-4603 — CVSS 5.3 (medium): Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2022-1343 — CVSS 5.3 (medium): The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag…
CVE-2026-42769 — CVSS 5.3 (medium): Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol…
CVE-2022-2097 — CVSS 5.3 (medium): AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under…
CVE-2023-0465 — CVSS 5.3 (medium): Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent…
CVE-2022-4203 — CVSS 4.9 (medium): A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs…
CVE-2026-45446 — CVSS 4.8 (medium): Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional…
CVE-2025-68160 — CVSS 4.7 (medium): Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes…
CVE-2025-69418 — CVSS 4.0 (medium): Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is…
CVE-2026-42770 — CVSS 3.7 (low): Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup…
CVE-2026-42768 — CVSS 3.7 (low): Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to…