Search CVE reports


Toggle filters

1 – 10 of 268 results


CVE-2024-9143

Low priority
Vulnerable

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-6119

Medium priority

Some fixes available 3 of 12

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-41996

Low priority
Vulnerable

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Not affected Not affected Not affected Not affected
nodejs Not affected Needs evaluation Not affected Not affected Not affected
openssl Vulnerable Vulnerable Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-5535

Low priority

Some fixes available 4 of 19

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-4741

Low priority

Some fixes available 4 of 18

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-4603

Low priority

Some fixes available 3 of 9

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-2467

Medium priority
Vulnerable

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...

1 affected package

libcrypt-openssl-rsa-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcrypt-openssl-rsa-perl Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-2511

Low priority

Some fixes available 4 of 18

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-3296

Medium priority
Needs evaluation

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to...

1 affected package

rust-openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-openssl Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-0727

Low priority

Some fixes available 9 of 21

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages