Skip to main content

Libressl

6 CVEs product

Monthly

CVE-2023-35784 CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl Openbsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-41581 MEDIUM POC This Month

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libressl
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2018-12434 MEDIUM This Month

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Libressl
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-8970 HIGH PATCH This Week

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Libressl
NVD GitHub
CVSS 3.0
7.4
EPSS
1.1%
CVE-2017-8301 MEDIUM PATCH This Month

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Nginx Information Disclosure Libressl
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2014-9424 HIGH This Week

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libressl
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libressl
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Libressl
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Libressl
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Nginx Information Disclosure Libressl
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libressl
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy