openssl vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the openssl package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

*
  • L
Information Exposure

*
  • L
Use After Free

*
  • L
CVE-2024-4603

*
  • L
Resource Exhaustion

*
  • L
NULL Pointer Dereference

*
  • L
Reversible One-Way Hash

*
  • L
Missing Required Cryptographic Step

*
  • L
Excessive Iteration

*
  • L
Resource Exhaustion

*
  • M
Resource Exhaustion

*
  • L
Improper Certificate Validation

*
  • L
Improper Certificate Validation

*
  • L
Resource Exhaustion

*
  • M
Use After Free

*
  • L
NULL Pointer Dereference

*
  • M
Arbitrary Command Injection

*
  • M
Arbitrary Command Injection

*
  • M
Out-of-bounds Read

*
  • H
Improper Handling of Length Parameter Inconsistency

<0:1.0.1e-16.el6_5.7
  • H
NULL Pointer Dereference

<0:1.0.1e-16.el6_5.4
  • H
Cryptographic Issues

<0:1.0.1e-16.el6_5.4
  • H
Cryptographic Issues

<0:1.0.1e-16.el6_5.4
  • M
Use of a Broken or Risky Cryptographic Algorithm

*
  • M
Integer Overflow or Wraparound

<0:1.0.1e-48.el6_8.4
  • M
Resource Exhaustion

<0:1.0.1e-48.el6_8.4
  • M
Cryptographic Issues

<0:1.0.0-27.el6_4.2
  • M
Cryptographic Issues

<0:1.0.0-27.el6_4.2
  • M
Cryptographic Issues

<0:1.0.0-27.el6_4.2
  • H
Integer Overflow or Wraparound

<0:1.0.1e-48.el6_8.3
  • H
Out-of-bounds Read

<0:1.0.1e-48.el6_8.3
  • H
Missing Release of Resource after Effective Lifetime

<0:1.0.1e-48.el6_8.3
  • H
Resource Exhaustion

<0:1.0.1e-48.el6_8.3
  • H
Out-of-bounds Read

<0:1.0.1e-48.el6_8.3
  • H
Covert Timing Channel

<0:1.0.1e-48.el6_8.3
  • H
Improper Input Validation

<0:1.0.1e-48.el6_8.3
  • H
Unchecked Error Condition

<0:1.0.1e-48.el6_8.3
  • H
Integer Overflow or Wraparound

<0:1.0.1e-48.el6_8.3
  • H
Improper Input Validation

<0:1.0.1e-48.el6_8.1
  • H
Integer Overflow or Wraparound

<0:1.0.1e-48.el6_8.1
  • H
Out-of-bounds Write

<0:1.0.1e-48.el6_8.1
  • H
Out-of-Bounds

<0:1.0.1e-48.el6_8.1
  • H
Out-of-bounds Write

<0:1.0.1e-48.el6_8.1
  • H
Integer Overflow or Wraparound

<0:1.0.1e-48.el6_8.1
  • H
Cryptographic Issues

<0:1.0.1e-48.el6_8.1
  • H
Information Exposure

<0:1.0.1e-42.el6_7.4
  • H
Cryptographic Issues

<0:1.0.1e-42.el6_7.4
  • H
CVE-2016-0797

<0:1.0.1e-42.el6_7.4
  • H
CVE-2016-0705

<0:1.0.1e-42.el6_7.4
  • H
Cryptographic Issues

<0:1.0.1e-42.el6_7.4
  • M
Improper Data Handling

<0:1.0.1e-42.el6_7.2
  • M
Integer Overflow or Wraparound

<0:1.0.0-20.el6_2.5
  • M
Race Condition

<0:1.0.1e-42.el6_7.1
  • M
CVE-2015-3194

<0:1.0.1e-42.el6_7.1
  • M
Memory Leak

<0:1.0.1e-42.el6_7.1
  • H
Incorrect Conversion between Numeric Types

<0:1.0.0-20.el6_2.4
  • M
Cryptographic Issues

<0:1.0.0-20.el6_2.3
  • M
NULL Pointer Dereference

<0:1.0.0-20.el6_2.3
  • M
Resource Management Errors

<0:1.0.0-20.el6_2.1
  • M
Resource Management Errors

<0:1.0.0-20.el6_2.1
  • M
Cryptographic Issues

<0:1.0.0-20.el6_2.1
  • M
Cryptographic Issues

<0:1.0.0-20.el6_2.1
  • M
Access Restriction Bypass

<0:1.0.0-10.el6_1.5
  • M
Improper Input Validation

*
  • M
Out-of-Bounds

<0:1.0.1e-30.el6_6.11
  • M
Numeric Errors

<0:1.0.1e-30.el6_6.11
  • M
Use of a Broken or Risky Cryptographic Algorithm

<0:1.0.1e-30.el6_6.9
  • M
Resource Management Errors

<0:1.0.0-10.el6
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:1.0.1e-30.el6_6.11
  • M
CVE-2015-1790

<0:1.0.1e-30.el6_6.11
  • M
Use of a Broken or Risky Cryptographic Algorithm

*
  • M
Out-of-bounds Read

<0:1.0.1e-30.el6_6.11
  • M
Race Condition

<0:1.0.1e-30.el6_6.11
  • M
Reachable Assertion

<0:1.0.1e-30.el6_6.7
  • M
Integer Overflow or Wraparound

<0:1.0.1e-30.el6_6.7
  • M
Out-of-bounds Write

<0:1.0.1e-30.el6_6.7
  • M
Untrusted Pointer Dereference

<0:1.0.1e-30.el6_6.7
  • M
Information Exposure

<0:1.0.1e-30.el6_6.7
  • M
Use After Free

<0:1.0.1e-30.el6_6.7
  • M
NULL Pointer Dereference

<0:1.0.1e-30.el6_6.7
  • M
NULL Pointer Dereference

<0:1.0.1e-30.el6_6.7
  • M
Information Exposure

<0:1.0.1e-30.el6_6.7
  • M
Cryptographic Issues

<0:1.0.1e-30.el6_6.5
  • M
Cryptographic Issues

<0:1.0.1e-30.el6_6.5
  • M
Use of a Broken or Risky Cryptographic Algorithm

<0:1.0.1e-30.el6_6.5
  • M
Cryptographic Issues

<0:1.0.1e-30.el6_6.5
  • M
Cryptographic Issues

<0:1.0.1e-30.el6_6.5
  • M
CVE-2014-3571

<0:1.0.1e-30.el6_6.5
  • M
Memory Leak

<0:1.0.1e-30.el6_6.5
  • H
Improper Synchronization

<0:1.0.0-4.el6_0.1
  • M
NULL Pointer Dereference

<0:1.0.1e-16.el6_5.15
  • H
Memory Leak

<0:1.0.1e-30.el6_6.2
  • H
Memory Leak

<0:1.0.1e-30.el6_6.2
  • M
CVE-2010-4180

<0:1.0.0-4.el6_0.2
  • M
Missing Authorization

<0:1.0.1e-16.el6_5.15
  • M
Memory Leak

<0:1.0.1e-16.el6_5.15
  • M
Race Condition

<0:1.0.1e-16.el6_5.15
  • M
Detection of Error Condition Without Action

<0:1.0.1e-16.el6_5.15
  • M
Information Exposure

<0:1.0.1e-16.el6_5.15
  • M
Operation on a Resource after Expiration or Release

<0:1.0.1e-16.el6_5.15
  • H
NULL Pointer Dereference

<0:1.0.1e-16.el6_5.14
  • H
Out-of-Bounds

<0:1.0.1e-16.el6_5.14
  • L
Inadequate Encryption Strength

*
  • H
Use After Free

<0:1.0.1e-16.el6_5.14
  • H
Improper Enforcement of Behavioral Workflow

<0:1.0.1e-16.el6_5.14
  • H
Resource Exhaustion

<0:1.0.1e-16.el6_5.14
  • H
NULL Pointer Dereference

<0:1.0.1e-16.el6_5.14
  • L
Improper Certificate Validation

*
  • L
Information Exposure

*
  • M
Client-Side Enforcement of Server-Side Security

*
  • L
Covert Timing Channel

*
  • L
Covert Timing Channel

*
  • M
Uncontrolled Recursion

*
  • M
Information Exposure

*
  • L
Covert Timing Channel

*
  • M
Missing Required Cryptographic Step

*
  • L
Out-of-bounds Read

*
  • M
Covert Timing Channel

*
  • M
NULL Pointer Dereference

*
  • L
Covert Timing Channel

*
  • M
Inadequate Encryption Strength

*
  • M
Missing Required Cryptographic Step

<0:1.0.1e-58.el6_10
  • L
Access Restriction Bypass

*
  • M
Information Exposure

*