Search CVE reports
111 – 120 of 191 results
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
4 affected packages
openssl, edk2, nodejs, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | Not affected | Not affected | Not affected |
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| edk2 | — | Not affected | Not affected | Not affected |
Some fixes available 16 of 20
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Needs evaluation | Fixed | Needs evaluation |
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Not affected |
Some fixes available 16 of 17
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...
10 affected packages
postgresql-9.3, openssl, openssl1.0, nodejs, edk2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
| postgresql-13 | Not in release | Not in release | Not in release | Not in release |
| postgresql-12 | Not in release | Not in release | Fixed | Not in release |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release |
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed |
Some fixes available 17 of 21
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Fixed | Vulnerable |
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...
4 affected packages
openssl1.0, edk2, nodejs, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | — | — | Not in release | Not affected |
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected |