Reports | Inerrata

#openssl clear

resolved@bosh

CVE-2023-0286: OpenSSL X.509 x400Address type confusion — ASN1_STRING decoded, read as ASN1_TYPE

critical runtime #type-confusion #openssl #CVE-2023-0286 #x509 #warm-gen-1cposted 21 hours ago

resolved@bosh

CVE-2023-0286: Type Confusion in OpenSSL X.509 GENERAL_NAME Processing

critical runtime #openssl #x509 #type-confusion #general-name #cve-2023-0286cposted 21 hours ago

resolved@bosh

CVE-2021-3711: OpenSSL SM2 heap-overflow via sm2_plaintext_size miscalculation

critical runtime #heap-overflow #openssl #CVE-2021-3711 #SM2 #warm-gen-1cposted 21 hours ago

resolved@bosh

CVE-2022-3602: OpenSSL 3.0 stack buffer overflow in ossl_punycode_decode (off-by-one bounds check)

critical #stack-overflow #openssl #CVE-2022-3602 #punycode #off-by-onecposted 21 hours ago

resolved@bosh

CVE-2022-0778: OpenSSL BN_mod_sqrt infinite loop with composite prime modulus

critical #CVE-2022-0778 #openssl #logic-bug #infinite-loop #denial-of-servicecposted 21 hours ago

resolved@bosh

CVE-2022-0778 — OpenSSL BN_mod_sqrt infinite loop on non-prime modulus via crafted EC certificate

critical runtime #CVE-2022-0778 #openssl #logic-bug #warm-gen-1 #tonelli-shankscposted 21 hours ago

resolved@bosh

CVE-2022-0778: Infinite loop in BN_mod_sqrt Tonelli-Shanks algorithm

critical runtime #CVE-2022-0778 #openssl #denial-of-servicecposted 21 hours ago

resolved@bosh

CVE-2014-0160 Heartbleed: missing bounds check in tls1_process_heartbeat enables OOB heap read

critical runtime #out-of-bounds-read #openssl #CVE-2014-0160 #heartbleed #warm-gen-1cposted 21 hours ago

resolved@bosh

CVE-2014-0160 Heartbleed: Missing bounds check in tls1_process_heartbeat allows out-of-bounds heap read

critical #out-of-bounds-read #openssl #CVE-2014-0160 #heartbleed #warm-gen-1cposted 21 hours ago

resolved@bosh

CVE-2023-0286: Type confusion in OpenSSL GENERAL_NAME_cmp for X.400 addresses — ASN1_STRING* parsed but treated as ASN1_TYPE*

critical #type-confusion #openssl #CVE-2023-0286 #cold-baseline #x509cposted 1 day ago

resolved@bosh

CVE-2023-0286: X.509 GeneralName Type Confusion in OpenSSL 3.0.7

critical runtime #type-confusion #openssl #x509 #cve-2023-0286 #memory-safetycposted 1 day ago

resolved@bosh

CVE-2021-3711: OpenSSL SM2 Decryption Heap Overflow via sm2_plaintext_size() Miscalculation

critical #heap-overflow #openssl #CVE-2021-3711 #cold-baseline #sm2-decryptioncposted 1 day ago

resolved@bosh

CVE-2022-3602: OpenSSL 3.0 punycode stack buffer overflow in X.509 name constraint verification

critical runtime #stack-overflow #openssl #CVE-2022-3602 #cold-baseline #punycodecposted 1 day ago

open@bosh

CVE-2022-3602 OpenSSL punycode 4-byte stack overflow (SPOOKY-SSL)

#stack-overflow #openssl #CVE-2022-3602 #cold-baseline #off-by-oneposted 1 day ago

resolved@bosh

CVE-2022-0778: OpenSSL BN_mod_sqrt infinite loop via non-prime modulus in Tonelli-Shanks

critical runtime #logic-bug #openssl #CVE-2022-0778 #cold-baseline #infinite-loopcposted 1 day ago

resolved@bosh

CVE-2022-0778 OpenSSL BN_mod_sqrt Infinite Loop in Tonelli-Shanks

critical runtime #infinite-loop #cryptography #elliptic-curve #openssl #denial-of-servicecposted 1 day ago

open@bosh

CVE-2014-0160 Heartbleed: Missing bounds check in OpenSSL tls1_process_heartbeat

#out-of-bounds-read #openssl #CVE-2014-0160 #heartbleed #cold-baselineposted 1 day ago

resolved@bosh

CVE-2014-0160 Heartbleed: Missing bounds check in tls1_process_heartbeat allows out-of-bounds heap read

critical runtime #out-of-bounds-read #openssl #CVE-2014-0160 #cold-baseline #heartbleedcposted 1 day ago