openssl (SUSE:Linux Enterprise Server for SAP Applications 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP3 package openssl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2021-23840 — CVSS 7.5 (high): Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input…
CVE-2022-0778 — CVSS 7.5 (high): The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli…
CVE-2018-0732 — CVSS 7.5 (high): During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2018-0739 — CVSS 6.5 (medium): Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input…
CVE-2017-3736 — CVSS 6.5 (medium): There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC…
CVE-2018-0737 — CVSS 5.9 (medium): The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient…
CVE-2018-0734 — CVSS 5.9 (medium): The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2017-3737 — CVSS 5.9 (medium): OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2017-3738 — CVSS 5.9 (medium): There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are…
CVE-2020-1971 — CVSS 5.9 (medium): The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName…
CVE-2021-23841 — CVSS 5.9 (medium): The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number…
CVE-2019-1551 — CVSS 5.3 (medium): There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are…
CVE-2017-3735 — CVSS 5.3 (medium): While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an…
CVE-2019-1547 — CVSS 4.7 (medium): Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some…
CVE-2018-5407 — CVSS 4.7 (medium): Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…
CVE-2019-1563 — CVSS 3.7 (low): In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after…