Search CVE reports
21 – 30 of 74 results
CVE-2023-0464
Low prioritySome fixes available 11 of 21
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2023-0401
Medium priorityA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Fixed | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0286
High prioritySome fixes available 12 of 18
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2023-0217
Medium priorityAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Not affected | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0216
Medium priorityAn invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Not affected | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0215
Medium prioritySome fixes available 12 of 18
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2022-4450
Medium prioritySome fixes available 9 of 15
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-4304
Medium prioritySome fixes available 9 of 18
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Ignored |
openssl1.0 | — | Not in release | Not in release | Ignored | Not in release |
CVE-2022-4203
Medium priorityA read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Not affected | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3996
Low prioritySome fixes available 6 of 7
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |