openssl-1_0_0 (SUSE:Linux Enterprise Module for Legacy 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Legacy 15 SP7 package openssl-1_0_0, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2026-31789 — CVSS 9.8 (critical): Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit…
CVE-2026-45447 — CVSS 8.8 (high): Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification…
CVE-2026-7383 — CVSS 8.1 (high): Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap…
CVE-2026-28387 — CVSS 8.1 (high): Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE…
CVE-2026-28388 — CVSS 7.5 (high): Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the…
CVE-2026-28389 — CVSS 7.5 (high): Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen…
CVE-2026-31790 — CVSS 7.5 (high): Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized…
CVE-2026-34180 — CVSS 7.5 (high): Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause…
CVE-2025-69420 — CVSS 7.5 (high): Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is…
CVE-2025-69421 — CVSS 7.5 (high): Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function…
CVE-2025-9230 — CVSS 7.5 (high): Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read…
CVE-2026-42766 — CVSS 5.9 (medium): Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact…
CVE-2026-22796 — CVSS 5.3 (medium): Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is…
CVE-2025-68160 — CVSS 4.7 (medium): Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes…