openssl vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the openssl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Improper Validation of Specified Type of Input	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
M Incorrect Calculation of Buffer Size	*
L Out-of-bounds Write	*
L NULL Pointer Dereference	*
L NULL Pointer Dereference	*
L Improper Validation of Specified Quantity in Input	*
L Allocation of Resources Without Limits or Throttling	*
L Missing Required Cryptographic Step	*
M Improper Handling of Parameters	*
M Out-of-bounds Write	<1:1.1.1k-14.el8_10
L Information Exposure	<1:1.1.1k-12.el8_9
L Improper Certificate Validation	*
L Covert Timing Channel	*
L Information Exposure	<1:1.1.1k-14.el8_6
L Use After Free	*
L Resource Exhaustion	*
L NULL Pointer Dereference	*
L Missing Required Cryptographic Step	<1:1.1.1k-12.el8_9
L Excessive Iteration	<1:1.1.1k-12.el8_9
L Resource Exhaustion	<1:1.1.1k-12.el8_9
L Resource Exhaustion	*
M Improper Certificate Validation	*
L Improper Certificate Validation	*
L Resource Exhaustion	*
H Incorrect Type Conversion or Cast	<1:1.1.1k-9.el8_7
H Use After Free	<1:1.1.1k-9.el8_7
H Double Free	<1:1.1.1k-9.el8_7
H Information Exposure	<1:1.1.1k-9.el8_7
M Missing Required Cryptographic Step	<1:1.1.1k-7.el8_6
M Arbitrary Command Injection	<1:1.1.1k-7.el8_6
M Arbitrary Command Injection	<1:1.1.1k-7.el8_6
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.1.1k-6.el8_5
M Out-of-bounds Read	<1:1.1.1k-5.el8_5
H Improper Certificate Validation	<1:1.1.1g-15.el8_3
H NULL Pointer Dereference	<1:1.1.1g-15.el8_3
M Information Exposure	<1:1.1.1c-15.el8
H NULL Pointer Dereference	<1:1.1.1g-12.el8_3
L Reusing a Nonce	<1:1.1.1c-2.el8
M Information Exposure	<1:1.1.1c-15.el8
L Integer Overflow or Wraparound	<1:1.1.1g-11.el8
M Client-Side Enforcement of Server-Side Security	<1:1.1.1c-15.el8
L Covert Timing Channel	<1:1.1.1c-2.el8
L Covert Timing Channel	<1:1.1.1c-2.el8
M Integer Overflow or Wraparound	<1:1.1.1k-4.el8
M NULL Pointer Dereference	<1:1.1.1k-4.el8

Vulnerability

Vulnerable Version

Improper Validation of Specified Type of Input