openssl-3 (SUSE:Linux Enterprise Module for Basesystem 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP4 package openssl-3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (29)
CVE-2022-4450 — CVSS 7.5 (high): The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the…
CVE-2023-0216 — CVSS 7.5 (high): An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7()…
CVE-2023-0464 — CVSS 7.5 (high): A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains…
CVE-2022-1473 — CVSS 7.5 (high): The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash…
CVE-2023-5363 — CVSS 7.5 (high): Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential…
CVE-2023-0401 — CVSS 7.5 (high): A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash…
CVE-2022-3358 — CVSS 7.5 (high): OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was…
CVE-2022-3602 — CVSS 7.5 (high): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after…
CVE-2022-3786 — CVSS 7.5 (high): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after…
CVE-2022-3996 — CVSS 7.5 (high): If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice…
CVE-2022-40735 — CVSS 7.5 (high): The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive…
CVE-2023-0215 — CVSS 7.5 (high): The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to…
CVE-2023-0217 — CVSS 7.5 (high): An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the…
CVE-2023-0286 — CVSS 7.4 (high): There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2023-2650 — CVSS 6.5 (medium): Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary…
CVE-2022-4304 — CVSS 5.9 (medium): A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a…
CVE-2022-1434 — CVSS 5.9 (medium): The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially…
CVE-2023-1255 — CVSS 5.9 (medium): Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the…
CVE-2022-1343 — CVSS 5.3 (medium): The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag…
CVE-2023-0466 — CVSS 5.3 (medium): The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate…
CVE-2023-5678 — CVSS 5.3 (medium): Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact…
CVE-2023-0465 — CVSS 5.3 (medium): Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent…
CVE-2023-2975 — CVSS 5.3 (medium): Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are…
CVE-2023-3446 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2023-3817 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2022-2097 — CVSS 5.3 (medium): AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under…
CVE-2022-4203 — CVSS 4.9 (medium): A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs…