Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0216

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164497
reference_id	2164497
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164497

reference_url

reference_id

CVE-2023-0216

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0216

reference_url

https://github.com/advisories/GHSA-29xx-hcv2-c4cp

reference_id

GHSA-29xx-hcv2-c4cp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29xx-hcv2-c4cp

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.8-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-0216, GHSA-29xx-hcv2-c4cp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ggt-ugh5-jqeu

url VCID-1r3e-8nb4-nyaa

vulnerability_id VCID-1r3e-8nb4-nyaa

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0290.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0290.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0290

reference_id

reference_type

scores

value	0.32562
scoring_system	epss
scoring_elements	0.96832
published_at	2026-04-01T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.9684
published_at	2026-04-02T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96841
published_at	2026-04-04T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96845
published_at	2026-04-07T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96854
published_at	2026-04-08T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96855
published_at	2026-04-09T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96858
published_at	2026-04-11T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96859
published_at	2026-04-12T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.9686
published_at	2026-04-13T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96867
published_at	2026-04-16T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96871
published_at	2026-04-18T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96873
published_at	2026-04-21T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96874
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202345
reference_id	1202345
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202345

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-0290

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1r3e-8nb4-nyaa

url VCID-2by2-tzdd-kkc7

vulnerability_id VCID-2by2-tzdd-kkc7

summary

Out-of-bounds Write
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.

Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6129

reference_id

reference_type

scores

value	0.02502
scoring_system	epss
scoring_elements	0.85285
published_at	2026-04-02T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85386
published_at	2026-04-24T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85303
published_at	2026-04-04T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85305
published_at	2026-04-07T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85327
published_at	2026-04-08T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85336
published_at	2026-04-09T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85349
published_at	2026-04-11T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85348
published_at	2026-04-12T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85344
published_at	2026-04-13T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85364
published_at	2026-04-16T12:55:00Z

value	0.02502
scoring_system	epss
scoring_elements	0.85366
published_at	2026-04-18T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85565
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6129

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35

reference_url

https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04

reference_url

https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015

reference_url

https://www.openssl.org/news/secadv/20240109.txt

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/

url

https://www.openssl.org/news/secadv/20240109.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347
reference_id	1060347
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257571
reference_id	2257571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257571

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-6129
reference_id	CVE-2023-6129
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-6129

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/6622-1/
reference_id	USN-6622-1
reference_type
scores
url	https://usn.ubuntu.com/6622-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.13-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.1.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-6129

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2by2-tzdd-kkc7

url VCID-38zm-z6ta-9bcm

vulnerability_id VCID-38zm-z6ta-9bcm

summary

Multiple vulnerabilities have been found in OpenSSL, the worst of
    which allows attackers to conduct a time based side-channel attack.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2176.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2176

reference_id

reference_type

scores

value	0.07788
scoring_system	epss
scoring_elements	0.91984
published_at	2026-04-24T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91979
published_at	2026-04-21T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91928
published_at	2026-04-01T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91936
published_at	2026-04-02T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91944
published_at	2026-04-04T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.9195
published_at	2026-04-07T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91963
published_at	2026-04-08T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91968
published_at	2026-04-09T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91971
published_at	2026-04-11T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.9197
published_at	2026-04-12T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91967
published_at	2026-04-13T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91986
published_at	2026-04-16T12:55:00Z

value	0.07788
scoring_system	epss
scoring_elements	0.91983
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2176

reference_url	https://bto.bluecoat.com/security-advisory/sa123
reference_id
reference_type
scores
url	https://bto.bluecoat.com/security-advisory/sa123

reference_url	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
reference_id
reference_type
scores
url	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

reference_url	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561
reference_id
reference_type
scores
url	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561

reference_url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

reference_url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

reference_url	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
reference_id
reference_type
scores
url	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10160

reference_url	https://security.netapp.com/advisory/ntap-20160504-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20160504-0001/

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://www.openssl.org/news/secadv/20160503.txt
reference_id
reference_type
scores
url	https://www.openssl.org/news/secadv/20160503.txt

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
reference_id
reference_type
scores
url	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/89746
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/89746

reference_url	http://www.securityfocus.com/bid/91787
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91787

reference_url	http://www.securitytracker.com/id/1035721
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035721

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1331563
reference_id	1331563
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1331563

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
reference_id	cpe:2.3:a:openssl:openssl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.2g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2g:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2176

reference_id

CVE-2016-2176

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2176

reference_url	https://security.gentoo.org/glsa/201612-16
reference_id	GLSA-201612-16
reference_type
scores
url	https://security.gentoo.org/glsa/201612-16

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2016-2176

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38zm-z6ta-9bcm

url VCID-3dej-wqvv-muhe

vulnerability_id VCID-3dej-wqvv-muhe

summary Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3358

reference_id

reference_type

scores

value	0.19455
scoring_system	epss
scoring_elements	0.95382
published_at	2026-04-09T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95404
published_at	2026-04-24T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95401
published_at	2026-04-18T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95397
published_at	2026-04-16T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95389
published_at	2026-04-13T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95361
published_at	2026-04-02T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95368
published_at	2026-04-04T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95372
published_at	2026-04-07T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95379
published_at	2026-04-08T12:55:00Z

value	0.19455
scoring_system	epss
scoring_elements	0.95387
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3358

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3358

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3358

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0059.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0059.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221028-0014

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221028-0014

reference_url	https://security.netapp.com/advisory/ntap-20221028-0014/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221028-0014/

reference_url

https://www.openssl.org/news/secadv/20221011.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20221011.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620
reference_id	1021620
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2134740
reference_id	2134740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2134740

reference_url

https://github.com/advisories/GHSA-4f63-89w9-3jjv

reference_id

GHSA-4f63-89w9-3jjv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4f63-89w9-3jjv

reference_url	https://access.redhat.com/errata/RHSA-2023:2523
reference_id	RHSA-2023:2523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2523

reference_url	https://usn.ubuntu.com/5710-1/
reference_id	USN-5710-1
reference_type
scores
url	https://usn.ubuntu.com/5710-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.7-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-3358, GHSA-4f63-89w9-3jjv

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dej-wqvv-muhe

url VCID-3u2b-yumu-rkcd

vulnerability_id VCID-3u2b-yumu-rkcd

summary openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15468.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15468.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15468

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05649
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05609
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06085
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05895
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05933
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05972
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05954
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05944
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05935
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.059
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05911
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06062
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15468

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65

reference_id

1f08e54bad32843044fe8a675948d65e3b4ece65

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:52:10Z/

url

https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65

reference_url

https://openssl-library.org/news/secadv/20260127.txt

reference_id

20260127.txt

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:52:10Z/

url

https://openssl-library.org/news/secadv/20260127.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430377
reference_id	2430377
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430377

reference_url

https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2

reference_id

7c88376731c589ee5b36116c5a6e32d5ae5f7ae2

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:52:10Z/

url

https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2

reference_url

https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4

reference_id

b2539639400288a4580fe2d76247541b976bade4

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:52:10Z/

url

https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4

reference_url

https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7

reference_id

d75b309879631d45b972396ce4e5102559c64ac7

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:52:10Z/

url

https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7

reference_url	https://access.redhat.com/errata/RHSA-2026:1472
reference_id	RHSA-2026:1472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1472

reference_url	https://access.redhat.com/errata/RHSA-2026:1473
reference_id	RHSA-2026:1473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1473

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:3228
reference_id	RHSA-2026:3228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3228

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7980-1/
reference_id	USN-7980-1
reference_type
scores
url	https://usn.ubuntu.com/7980-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-15468

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3u2b-yumu-rkcd

url VCID-45qa-rf1u-kbd8

vulnerability_id VCID-45qa-rf1u-kbd8

summary openssl: incorrect error checking during CMS verification

references

reference_url	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
reference_id
reference_type
scores
url	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

reference_url	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

reference_url	http://marc.info/?l=bugtraq&m=124464882609472&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=124464882609472&w=2

reference_url	http://marc.info/?l=bugtraq&m=127678688104458&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127678688104458&w=2

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0591.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0591.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0591

reference_id

reference_type

scores

value	0.02422
scoring_system	epss
scoring_elements	0.85177
published_at	2026-04-24T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.8506
published_at	2026-04-01T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85073
published_at	2026-04-02T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85091
published_at	2026-04-04T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85095
published_at	2026-04-07T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85116
published_at	2026-04-08T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85123
published_at	2026-04-09T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85138
published_at	2026-04-11T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85135
published_at	2026-04-12T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85132
published_at	2026-04-13T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85153
published_at	2026-04-16T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85156
published_at	2026-04-18T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85154
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0591

reference_url	http://secunia.com/advisories/34411
reference_id
reference_type
scores
url	http://secunia.com/advisories/34411

reference_url	http://secunia.com/advisories/34460
reference_id
reference_type
scores
url	http://secunia.com/advisories/34460

reference_url	http://secunia.com/advisories/34666
reference_id
reference_type
scores
url	http://secunia.com/advisories/34666

reference_url	http://secunia.com/advisories/35065
reference_id
reference_type
scores
url	http://secunia.com/advisories/35065

reference_url	http://secunia.com/advisories/35380
reference_id
reference_type
scores
url	http://secunia.com/advisories/35380

reference_url	http://secunia.com/advisories/35729
reference_id
reference_type
scores
url	http://secunia.com/advisories/35729

reference_url	http://secunia.com/advisories/36701
reference_id
reference_type
scores
url	http://secunia.com/advisories/36701

reference_url	http://secunia.com/advisories/42724
reference_id
reference_type
scores
url	http://secunia.com/advisories/42724

reference_url	http://secunia.com/advisories/42733
reference_id
reference_type
scores
url	http://secunia.com/advisories/42733

reference_url	http://securitytracker.com/id?1021907
reference_id
reference_type
scores
url	http://securitytracker.com/id?1021907

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432

reference_url	https://kb.bluecoat.com/index?page=content&id=SA50
reference_id
reference_type
scores
url	https://kb.bluecoat.com/index?page=content&id=SA50

reference_url	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
reference_id
reference_type
scores
url	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

reference_url	http://support.apple.com/kb/HT3865
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3865

reference_url	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
reference_id
reference_type
scores
url	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

reference_url	http://www.openssl.org/news/secadv_20090325.txt
reference_id
reference_type
scores
url	http://www.openssl.org/news/secadv_20090325.txt

reference_url	http://www.osvdb.org/52865
reference_id
reference_type
scores
url	http://www.osvdb.org/52865

reference_url	http://www.php.net/archive/2009.php#id2009-04-08-1
reference_id
reference_type
scores
url	http://www.php.net/archive/2009.php#id2009-04-08-1

reference_url	http://www.securityfocus.com/bid/34256
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/34256

reference_url	http://www.vupen.com/english/advisories/2009/0850
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0850

reference_url	http://www.vupen.com/english/advisories/2009/1020
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1020

reference_url	http://www.vupen.com/english/advisories/2009/1175
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1175

reference_url	http://www.vupen.com/english/advisories/2009/1548
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1548

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=492623
reference_id	492623
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=492623

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0591

reference_id

CVE-2009-0591

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0591

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2009-0591

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45qa-rf1u-kbd8

url VCID-491w-a5n6-7ufp

vulnerability_id VCID-491w-a5n6-7ufp

summary openssl: Insecure path defaults vulnerability in mingw builds

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1552.json

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1552.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1552

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22077
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22227
published_at	2026-04-21T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30865
published_at	2026-04-04T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30743
published_at	2026-04-08T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30775
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30778
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30734
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30688
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30712
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30694
published_at	2026-04-18T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30685
published_at	2026-04-07T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30817
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1552

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1745637
reference_id	1745637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1745637

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2019-1552

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-491w-a5n6-7ufp

url VCID-5791-w983-4bhn

vulnerability_id VCID-5791-w983-4bhn

summary openssl: Out-of-bounds read in HTTP client no_proxy handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9232.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9232

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10584
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1056
published_at	2026-04-24T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10646
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10511
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10643
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10656
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10625
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.106
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10466
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10484
published_at	2026-04-18T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1061
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9232

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20250930.txt

reference_id

20250930.txt

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://openssl-library.org/news/secadv/20250930.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2396056
reference_id	2396056
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2396056

reference_url

https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35

reference_id

2b4ec20e47959170422922eaff25346d362dcb35

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35

reference_url

https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b

reference_id

654dc11d23468a74fc8ea4672b702dd3feb7be4b

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b

reference_url

https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3

reference_id

7cf21a30513c9e43c4bc3836c237cf086e194af3

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3

reference_url

https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf

reference_id

89e790ac431125a4849992858490bed6b225eadf

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf

reference_url

https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0

reference_id

bbf38c034cdabd0a13330abcc4855c866f53d2e0

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:22:31Z/

url

https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7786-1/
reference_id	USN-7786-1
reference_type
scores
url	https://usn.ubuntu.com/7786-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.17-1~deb12u3?distro=trixie
purl	pkg:deb/debian/openssl@3.0.17-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.17-1~deb12u3%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-9232

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5791-w983-4bhn

url VCID-638m-dfwf-7bdv

vulnerability_id VCID-638m-dfwf-7bdv

summary openssl: Possible denial of service in X.509 name checks

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6119.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6119.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6119

reference_id

reference_type

scores

value	0.05484
scoring_system	epss
scoring_elements	0.9024
published_at	2026-04-24T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90419
published_at	2026-04-21T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90368
published_at	2026-04-02T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.9038
published_at	2026-04-04T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90385
published_at	2026-04-07T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90398
published_at	2026-04-08T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90405
published_at	2026-04-09T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90413
published_at	2026-04-11T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90412
published_at	2026-04-12T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90406
published_at	2026-04-13T12:55:00Z

value	0.05692
scoring_system	epss
scoring_elements	0.90421
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6119

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f

reference_id

05f360d9e849a1b277db628f1f13083a7f8dd04f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:39Z/

url

https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f

reference_url

https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6

reference_id

06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:39Z/

url

https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2306158
reference_id	2306158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2306158

reference_url

https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2

reference_id

621f3729831b05ee828a3203eddb621d014ff2b2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:39Z/

url

https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2

reference_url

https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0

reference_id

7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:39Z/

url

https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0

reference_url	https://access.redhat.com/errata/RHSA-2024:10135
reference_id	RHSA-2024:10135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10135

reference_url	https://access.redhat.com/errata/RHSA-2024:11109
reference_id	RHSA-2024:11109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11109

reference_url	https://access.redhat.com/errata/RHSA-2024:6783
reference_id	RHSA-2024:6783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6783

reference_url	https://access.redhat.com/errata/RHSA-2024:7213
reference_id	RHSA-2024:7213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7213

reference_url	https://access.redhat.com/errata/RHSA-2024:7599
reference_id	RHSA-2024:7599
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7599

reference_url	https://access.redhat.com/errata/RHSA-2024:8935
reference_id	RHSA-2024:8935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8935

reference_url	https://usn.ubuntu.com/6986-1/
reference_id	USN-6986-1
reference_type
scores
url	https://usn.ubuntu.com/6986-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.14-1~deb12u2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.14-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.3.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.3.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.3.2-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2024-6119

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-638m-dfwf-7bdv

url VCID-6pd1-d9gx-kfc1

vulnerability_id VCID-6pd1-d9gx-kfc1

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4044

reference_id

reference_type

scores

value	0.1758
scoring_system	epss
scoring_elements	0.95103
published_at	2026-04-18T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95099
published_at	2026-04-16T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.9509
published_at	2026-04-13T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95088
published_at	2026-04-12T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95057
published_at	2026-04-01T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.9508
published_at	2026-04-09T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95077
published_at	2026-04-08T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.9507
published_at	2026-04-07T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95068
published_at	2026-04-04T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95067
published_at	2026-04-02T12:55:00Z

value	0.1758
scoring_system	epss
scoring_elements	0.95086
published_at	2026-04-11T12:55:00Z

value	0.3328
scoring_system	epss
scoring_elements	0.96927
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4044

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256

reference_url

https://rustsec.org/advisories/RUSTSEC-2021-0129.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2021-0129.html

reference_url

https://security.netapp.com/advisory/ntap-20211229-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211229-0003

reference_url	https://security.netapp.com/advisory/ntap-20211229-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20211229-0003/

reference_url

https://www.openssl.org/news/secadv/20211214.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20211214.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2033761
reference_id	2033761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2033761

reference_url

https://security.archlinux.org/AVG-2641

reference_id

AVG-2641

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2641

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-4044

reference_id

CVE-2021-4044

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-4044

reference_url

https://github.com/advisories/GHSA-mmjf-f5jw-w72q

reference_id

GHSA-mmjf-f5jw-w72q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mmjf-f5jw-w72q

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2021-4044, GHSA-mmjf-f5jw-w72q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pd1-d9gx-kfc1

url VCID-6zka-x9q6-4fcy

vulnerability_id VCID-6zka-x9q6-4fcy

summary openssl: excessive allocation of memory in dtls1_preprocess_fragment()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6308.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6308

reference_id

reference_type

scores

value	0.19367
scoring_system	epss
scoring_elements	0.9534
published_at	2026-04-01T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95349
published_at	2026-04-02T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95356
published_at	2026-04-04T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.9536
published_at	2026-04-07T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95367
published_at	2026-04-08T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.9537
published_at	2026-04-09T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95374
published_at	2026-04-12T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95377
published_at	2026-04-13T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95384
published_at	2026-04-16T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95388
published_at	2026-04-18T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95391
published_at	2026-04-21T12:55:00Z

value	0.19367
scoring_system	epss
scoring_elements	0.95392
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1378208
reference_id	1378208
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1378208

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2016-6308

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zka-x9q6-4fcy

url VCID-71yj-bmak-pkdu

vulnerability_id VCID-71yj-bmak-pkdu

summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.

references

reference_url

http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3602

reference_id

reference_type

scores

value	0.83219
scoring_system	epss
scoring_elements	0.99259
published_at	2026-04-02T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99271
published_at	2026-04-24T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99269
published_at	2026-04-18T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99268
published_at	2026-04-12T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99267
published_at	2026-04-13T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99266
published_at	2026-04-08T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99265
published_at	2026-04-07T12:55:00Z

value	0.83219
scoring_system	epss
scoring_elements	0.99262
published_at	2026-04-04T12:55:00Z

value	0.84357
scoring_system	epss
scoring_elements	0.99324
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3602

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3

reference_url

https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3602

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3602

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0064.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0064.html

reference_url

https://security.netapp.com/advisory/ntap-20221102-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221102-0001

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a

reference_url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

reference_url	https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
reference_id
reference_type
scores
url	https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/15

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/15

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/16

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/16

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/17

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/18

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/18

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/19

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/20

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/21

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/24

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/1

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/10

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/11

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/12

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/12

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/13

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/13

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/14

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/15

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/2

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/3

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/5

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/6

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/7

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/02/9

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/1

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/10

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/11

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/2

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/3

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/5

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/6

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/7

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

http://www.openwall.com/lists/oss-security/2022/11/03/9

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2137723
reference_id	2137723
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2137723

reference_url

https://github.com/advisories/GHSA-8rwr-x37p-mx23

reference_id

GHSA-8rwr-x37p-mx23

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8rwr-x37p-mx23

reference_url

reference_id

GLSA-202211-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28386.json

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:7288
reference_id	RHSA-2022:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7288

reference_url	https://access.redhat.com/errata/RHSA-2022:7384
reference_id	RHSA-2022:7384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7384

reference_url	https://usn.ubuntu.com/5710-1/
reference_id	USN-5710-1
reference_type
scores
url	https://usn.ubuntu.com/5710-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.7-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-3602, GHSA-8rwr-x37p-mx23

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71yj-bmak-pkdu

url VCID-74wu-sup9-cybb

vulnerability_id VCID-74wu-sup9-cybb

summary

references

reference_url

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-28386

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05044
published_at	2026-04-08T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.0506
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15147
published_at	2026-04-21T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15809
published_at	2026-04-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15772
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16112
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20609
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20611
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20625
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-28386

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20260407.txt

reference_id

20260407.txt

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:21Z/

url

https://openssl-library.org/news/secadv/20260407.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451099
reference_id	2451099
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451099

reference_url

https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621

reference_id

61f428a2fc6671ede184a19f71e6e495f0689621

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:21Z/

url

https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2026-28386

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74wu-sup9-cybb

url VCID-7f9q-mhsr-8bfq

vulnerability_id VCID-7f9q-mhsr-8bfq

summary openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2673.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2673.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2673

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04379
published_at	2026-04-24T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04363
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13801
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13857
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13657
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1374
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1379
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13759
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13722
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13672
published_at	2026-04-13T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14928
published_at	2026-04-18T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14919
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2673

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130650
reference_id	1130650
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130650

reference_url

https://openssl-library.org/news/secadv/20260313.txt

reference_id

20260313.txt

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:17:17Z/

url

https://openssl-library.org/news/secadv/20260313.txt

reference_url

https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f

reference_id

2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:17:17Z/

url

https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2447327
reference_id	2447327
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2447327

reference_url

https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34

reference_id

85977e013f32ceb96aa034c0e741adddc1a05e34

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:17:17Z/

url

https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/8155-1/
reference_id	USN-8155-1
reference_type
scores
url	https://usn.ubuntu.com/8155-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2026-2673

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f9q-mhsr-8bfq

url VCID-8s28-acfa-kkhj

vulnerability_id VCID-8s28-acfa-kkhj

summary

NULL Pointer Dereference
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0217

reference_id

reference_type

scores

value	0.00557
scoring_system	epss
scoring_elements	0.68138
published_at	2026-04-04T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.6816
published_at	2026-04-13T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68193
published_at	2026-04-12T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68207
published_at	2026-04-11T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.6812
published_at	2026-04-02T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68182
published_at	2026-04-09T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68167
published_at	2026-04-08T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68115
published_at	2026-04-07T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.6821
published_at	2026-04-18T12:55:00Z

value	0.00557
scoring_system	epss
scoring_elements	0.68199
published_at	2026-04-16T12:55:00Z

value	0.01029
scoring_system	epss
scoring_elements	0.77335
published_at	2026-04-21T12:55:00Z

value	0.01029
scoring_system	epss
scoring_elements	0.7737
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0217

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0012.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0012.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0217

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164499
reference_id	2164499
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164499

reference_url

reference_id

CVE-2023-0217

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0217

reference_url

https://github.com/advisories/GHSA-vxrh-cpg7-8vjr

reference_id

GHSA-vxrh-cpg7-8vjr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxrh-cpg7-8vjr

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.8-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-0217, GHSA-vxrh-cpg7-8vjr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8s28-acfa-kkhj

url VCID-93qs-cwuv-13dc

vulnerability_id VCID-93qs-cwuv-13dc

summary OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

references

reference_url	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1378

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45575
published_at	2026-04-24T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45661
published_at	2026-04-21T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45573
published_at	2026-04-01T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45649
published_at	2026-04-02T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45668
published_at	2026-04-04T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45615
published_at	2026-04-07T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.4567
published_at	2026-04-08T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45666
published_at	2026-04-13T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45688
published_at	2026-04-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45658
published_at	2026-04-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45716
published_at	2026-04-16T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45711
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1378

reference_url	http://support.apple.com/kb/HT4435
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT4435

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server::::::::
reference_id	cpe:2.3:o:apple:mac_os_x_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-1378

reference_id

CVE-2010-1378

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2010-1378

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2010-1378

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93qs-cwuv-13dc

url VCID-99xj-17z4-1qhe

vulnerability_id VCID-99xj-17z4-1qhe

summary

openssl-src heap memory corruption with RSA private key operation
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2274.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2274.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2274

reference_id

reference_type

scores

value	0.39689
scoring_system	epss
scoring_elements	0.97325
published_at	2026-04-21T12:55:00Z

value	0.39689
scoring_system	epss
scoring_elements	0.97324
published_at	2026-04-24T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97532
published_at	2026-04-13T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97531
published_at	2026-04-12T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97529
published_at	2026-04-11T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97526
published_at	2026-04-09T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97525
published_at	2026-04-08T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97519
published_at	2026-04-07T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97517
published_at	2026-04-04T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97514
published_at	2026-04-02T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.97542
published_at	2026-04-18T12:55:00Z

value	0.439
scoring_system	epss
scoring_elements	0.9754
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2274

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/issues/18625

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/issues/18625

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2274

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2274

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0033.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0033.html

reference_url

https://security.netapp.com/advisory/ntap-20220715-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220715-0010

reference_url	https://security.netapp.com/advisory/ntap-20220715-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220715-0010/

reference_url

https://www.openssl.org/news/secadv/20220705.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20220705.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013441
reference_id	1013441
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013441

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2102943
reference_id	2102943
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2102943

reference_url

https://github.com/advisories/GHSA-735f-pg76-fxc4

reference_id

GHSA-735f-pg76-fxc4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-735f-pg76-fxc4

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.4-2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.4-2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-2274, GHSA-735f-pg76-fxc4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99xj-17z4-1qhe

url VCID-9b9g-yngp-7kd7

vulnerability_id VCID-9b9g-yngp-7kd7

summary openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15469.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15469

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00295
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00423
published_at	2026-04-24T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00402
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00403
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.004
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00398
published_at	2026-04-13T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00392
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00396
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00422
published_at	2026-04-21T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00292
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00405
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20260127.txt

reference_id

20260127.txt

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:54:00Z/

url

https://openssl-library.org/news/secadv/20260127.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430378
reference_id	2430378
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430378

reference_url

https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f

reference_id

310f305eb92ea8040d6b3cb75a5feeba8e6acf2f

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:54:00Z/

url

https://github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f

reference_url

https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61

reference_id

a7936fa4bd23c906e1955a16a0a0ab39a4953a61

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:54:00Z/

url

https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61

reference_url	https://access.redhat.com/errata/RHSA-2026:1472
reference_id	RHSA-2026:1472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1472

reference_url	https://access.redhat.com/errata/RHSA-2026:1473
reference_id	RHSA-2026:1473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1473

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:3228
reference_id	RHSA-2026:3228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3228

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7980-1/
reference_id	USN-7980-1
reference_type
scores
url	https://usn.ubuntu.com/7980-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-15469

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9b9g-yngp-7kd7

url VCID-9nmg-h851-gfcq

vulnerability_id VCID-9nmg-h851-gfcq

summary openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9231

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.05928
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06137
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05961
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05945
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05984
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06022
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06013
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06005
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05996
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05962
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05973
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06124
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9231

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20250930.txt

reference_id

20250930.txt

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://openssl-library.org/news/secadv/20250930.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2396055
reference_id	2396055
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2396055

reference_url

https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

reference_id

567f64386e43683888212226824b6a179885a0fe

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

reference_url

https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_id

cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

reference_url

https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_id

eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

reference_url

https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

reference_id

fc47a2ec078912b3e914fab5734535e76c4820c2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/

url

https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7786-1/
reference_id	USN-7786-1
reference_type
scores
url	https://usn.ubuntu.com/7786-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-9231

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nmg-h851-gfcq

url VCID-9umk-zzdr-1bbb

vulnerability_id VCID-9umk-zzdr-1bbb

summary A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2234

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29566
published_at	2026-04-08T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29633
published_at	2026-04-02T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29682
published_at	2026-04-04T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29503
published_at	2026-04-07T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29604
published_at	2026-04-09T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29606
published_at	2026-04-11T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29561
published_at	2026-04-12T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29508
published_at	2026-04-13T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29527
published_at	2026-04-16T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29499
published_at	2026-04-18T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29454
published_at	2026-04-21T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29341
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2234

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2014-2234

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9umk-zzdr-1bbb

url VCID-b3u8-1a2y-judf

vulnerability_id VCID-b3u8-1a2y-judf

summary

Improper Authentication
Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.

Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be mislead by removing
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.

The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.

As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries this is qualified as Low severity issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2975.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2975.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2975

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.40342
published_at	2026-04-02T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40169
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40292
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40343
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40354
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40366
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40328
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40309
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40356
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40324
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40367
published_at	2026-04-04T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40899
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2975

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc

reference_url	https://security.netapp.com/advisory/ntap-20230725-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230725-0004/

reference_url

https://www.openssl.org/news/secadv/20230714.txt

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/

url

https://www.openssl.org/news/secadv/20230714.txt

reference_url	http://www.openwall.com/lists/oss-security/2023/07/15/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/07/15/1

reference_url	http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/07/19/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041818
reference_id	1041818
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041818

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2223016
reference_id	2223016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2223016

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-2975
reference_id	CVE-2023-2975
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-2975

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://usn.ubuntu.com/6450-1/
reference_id	USN-6450-1
reference_type
scores
url	https://usn.ubuntu.com/6450-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.10-1~deb12u1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.10-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.10-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.10-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.10-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-2975

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u8-1a2y-judf

url VCID-c2uj-69s7-jkbn

vulnerability_id VCID-c2uj-69s7-jkbn

summary openssl: incomplete fix of CVE-2012-2110 for 0.9.x

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2131.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-2131

reference_id

reference_type

scores

value	0.07856
scoring_system	epss
scoring_elements	0.91966
published_at	2026-04-01T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91974
published_at	2026-04-02T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91982
published_at	2026-04-04T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91988
published_at	2026-04-07T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92
published_at	2026-04-08T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92004
published_at	2026-04-13T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92007
published_at	2026-04-12T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92022
published_at	2026-04-16T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92019
published_at	2026-04-18T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92016
published_at	2026-04-21T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.9202
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2131

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=815661
reference_id	815661
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=815661

reference_url	https://usn.ubuntu.com/1428-1/
reference_id	USN-1428-1
reference_type
scores
url	https://usn.ubuntu.com/1428-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2012-2131

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2uj-69s7-jkbn

url VCID-cef8-2p5t-bff7

vulnerability_id VCID-cef8-2p5t-bff7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31790.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31790.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-31790

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01498
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0397
published_at	2026-04-24T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04414
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04587
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04603
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0568
published_at	2026-04-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06358
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06296
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06309
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-31790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac

reference_id

001e01db3e996e13ffc72386fe79d03a6683b5ac

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac

reference_url

https://openssl-library.org/news/secadv/20260407.txt

reference_id

20260407.txt

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://openssl-library.org/news/secadv/20260407.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451094
reference_id	2451094
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451094

reference_url

https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482

reference_id

abd8b2eec7e3f3fda60ecfb68498b246b52af482

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482

reference_url

https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406

reference_id

b922e24e5b23ffb9cb9e14cadff23d91e9f7e406

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406

reference_url

https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790

reference_id

d5f8e71cd0a54e961d0c3b174348f8308486f790

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790

reference_url

https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e

reference_id

eed200f58cd8645ed77e46b7e9f764e284df379e

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:32:04Z/

url

https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/8155-1/
reference_id	USN-8155-1
reference_type
scores
url	https://usn.ubuntu.com/8155-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.19-1~deb12u2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.19-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.19-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2026-31790

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cef8-2p5t-bff7

url VCID-cjvp-qu4p-gyb3

vulnerability_id VCID-cjvp-qu4p-gyb3

summary

Multiple vulnerabilities were found in OpenSSL, allowing for the
    execution of arbitrary code and other attacks.

references

reference_url	http://cvs.openssl.org/chngview?cn=20098
reference_id
reference_type
scores
url	http://cvs.openssl.org/chngview?cn=20098

reference_url	http://marc.info/?l=bugtraq&m=129916880600544&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=129916880600544&w=2

reference_url	http://marc.info/?l=bugtraq&m=130497251507577&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=130497251507577&w=2

reference_url	http://openssl.org/news/secadv_20101202.txt
reference_id
reference_type
scores
url	http://openssl.org/news/secadv_20101202.txt

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4252.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4252.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4252

reference_id

reference_type

scores

value	0.01803
scoring_system	epss
scoring_elements	0.82865
published_at	2026-04-24T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82736
published_at	2026-04-01T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82752
published_at	2026-04-02T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82765
published_at	2026-04-04T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82762
published_at	2026-04-07T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82788
published_at	2026-04-08T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82794
published_at	2026-04-09T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82811
published_at	2026-04-11T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82806
published_at	2026-04-12T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82801
published_at	2026-04-13T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82841
published_at	2026-04-16T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.8284
published_at	2026-04-18T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82843
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4252

reference_url	http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
reference_id
reference_type
scores
url	http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

reference_url	http://secunia.com/advisories/42469
reference_id
reference_type
scores
url	http://secunia.com/advisories/42469

reference_url	http://secunia.com/advisories/57353
reference_id
reference_type
scores
url	http://secunia.com/advisories/57353

reference_url	http://securitytracker.com/id?1024823
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024823

reference_url	https://github.com/seb-m/jpake
reference_id
reference_type
scores
url	https://github.com/seb-m/jpake

reference_url	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
reference_id
reference_type
scores
url	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039

reference_url	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

reference_url	http://www.securityfocus.com/bid/45163
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/45163

reference_url	http://www.vupen.com/english/advisories/2010/3120
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/3120

reference_url	http://www.vupen.com/english/advisories/2010/3122
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/3122

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=659297
reference_id	659297
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=659297

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
reference_id	cpe:2.3:a:openssl:openssl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.1c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.2b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.4:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6j:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6k:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6l:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6m:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7l:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7m:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4252

reference_id

CVE-2010-4252

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4252

reference_url	https://security.gentoo.org/glsa/201110-01
reference_id	GLSA-201110-01
reference_type
scores
url	https://security.gentoo.org/glsa/201110-01

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2010-4252

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjvp-qu4p-gyb3

url VCID-d4rs-rag3-cfcy

vulnerability_id VCID-d4rs-rag3-cfcy

summary openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15467

reference_id

reference_type

scores

value	0.00705
scoring_system	epss
scoring_elements	0.72198
published_at	2026-04-24T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72078
published_at	2026-04-07T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72116
published_at	2026-04-08T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72127
published_at	2026-04-09T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7215
published_at	2026-04-11T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72135
published_at	2026-04-12T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7212
published_at	2026-04-13T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72161
published_at	2026-04-16T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72169
published_at	2026-04-18T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72155
published_at	2026-04-21T12:55:00Z

value	0.00819
scoring_system	epss
scoring_elements	0.7436
published_at	2026-04-04T12:55:00Z

value	0.00819
scoring_system	epss
scoring_elements	0.74333
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15467

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20260127.txt

reference_id

20260127.txt

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://openssl-library.org/news/secadv/20260127.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430376
reference_id	2430376
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430376

reference_url

https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703

reference_id

2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703

reference_url

https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9

reference_id

5f26d4202f5b89664c5c3f3c62086276026ba9a9

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9

reference_url

https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3

reference_id

6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3

reference_url

https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e

reference_id

ce39170276daec87f55c39dad1f629b56344429e

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e

reference_url

https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc

reference_id

d0071a0799f20cc8101730145349ed4487c268dc

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/

url

https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc

reference_url	https://access.redhat.com/errata/RHSA-2026:1472
reference_id	RHSA-2026:1472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1472

reference_url	https://access.redhat.com/errata/RHSA-2026:1473
reference_id	RHSA-2026:1473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1473

reference_url	https://access.redhat.com/errata/RHSA-2026:1496
reference_id	RHSA-2026:1496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1496

reference_url	https://access.redhat.com/errata/RHSA-2026:1503
reference_id	RHSA-2026:1503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1503

reference_url	https://access.redhat.com/errata/RHSA-2026:1519
reference_id	RHSA-2026:1519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1519

reference_url	https://access.redhat.com/errata/RHSA-2026:1594
reference_id	RHSA-2026:1594
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1594

reference_url	https://access.redhat.com/errata/RHSA-2026:1733
reference_id	RHSA-2026:1733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1733

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:2072
reference_id	RHSA-2026:2072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2072

reference_url	https://access.redhat.com/errata/RHSA-2026:2077
reference_id	RHSA-2026:2077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2077

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:2633
reference_id	RHSA-2026:2633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2633

reference_url	https://access.redhat.com/errata/RHSA-2026:2659
reference_id	RHSA-2026:2659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2659

reference_url	https://access.redhat.com/errata/RHSA-2026:2671
reference_id	RHSA-2026:2671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2671

reference_url	https://access.redhat.com/errata/RHSA-2026:2844
reference_id	RHSA-2026:2844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2844

reference_url	https://access.redhat.com/errata/RHSA-2026:2974
reference_id	RHSA-2026:2974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2974

reference_url	https://access.redhat.com/errata/RHSA-2026:2995
reference_id	RHSA-2026:2995
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2995

reference_url	https://access.redhat.com/errata/RHSA-2026:3228
reference_id	RHSA-2026:3228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3228

reference_url	https://access.redhat.com/errata/RHSA-2026:3415
reference_id	RHSA-2026:3415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:4419
reference_id	RHSA-2026:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4419

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:6481
reference_id	RHSA-2026:6481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6481

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7980-1/
reference_id	USN-7980-1
reference_type
scores
url	https://usn.ubuntu.com/7980-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.18-1~deb12u2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.18-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-15467

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4rs-rag3-cfcy

url VCID-g8at-dasq-h3fb

vulnerability_id VCID-g8at-dasq-h3fb

summary openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66199.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66199

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.20166
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20107
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20575
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20649
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20726
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20786
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20804
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20762
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2071
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.207
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20696
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20688
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66199

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20260127.txt

reference_id

20260127.txt

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:03:12Z/

url

https://openssl-library.org/news/secadv/20260127.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430379
reference_id	2430379
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430379

reference_url

https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4

reference_id

3ed1f75249932b155eef993a8e66a99cb98bfef4

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:03:12Z/

url

https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4

reference_url

https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451

reference_id

6184a4fb08ee6d7bca570d931a4e8bef40b64451

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:03:12Z/

url

https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451

reference_url

https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5

reference_id

895150b5e021d16b52fb32b97e1dd12f20448be5

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:03:12Z/

url

https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5

reference_url

https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4

reference_id

966a2478046c311ed7dae50c457d0db4cafbf7e4

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:03:12Z/

url

https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4

reference_url	https://access.redhat.com/errata/RHSA-2026:1472
reference_id	RHSA-2026:1472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1472

reference_url	https://access.redhat.com/errata/RHSA-2026:1473
reference_id	RHSA-2026:1473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1473

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:3228
reference_id	RHSA-2026:3228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3228

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7980-1/
reference_id	USN-7980-1
reference_type
scores
url	https://usn.ubuntu.com/7980-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-66199

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8at-dasq-h3fb

url VCID-gqj1-zam7-c3bv

vulnerability_id VCID-gqj1-zam7-c3bv

summary

Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12797

reference_id

reference_type

scores

value	0.00577
scoring_system	epss
scoring_elements	0.68874
published_at	2026-04-24T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73622
published_at	2026-04-18T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73613
published_at	2026-04-16T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.7357
published_at	2026-04-13T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73578
published_at	2026-04-12T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73595
published_at	2026-04-11T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73528
published_at	2026-04-02T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73614
published_at	2026-04-21T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73572
published_at	2026-04-09T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73559
published_at	2026-04-08T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73523
published_at	2026-04-07T12:55:00Z

value	0.00773
scoring_system	epss
scoring_elements	0.73551
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12797

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/

url

https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

reference_url

https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/

url

https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

reference_url

https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/

url

https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12797

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12797

reference_url

https://openssl-library.org/news/secadv/20250211.txt

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/

url

https://openssl-library.org/news/secadv/20250211.txt

reference_url

http://www.openwall.com/lists/oss-security/2025/02/11/3

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/02/11/3

reference_url

http://www.openwall.com/lists/oss-security/2025/02/11/4

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/02/11/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765
reference_id	1095765
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342757
reference_id	2342757
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342757

reference_url

https://github.com/advisories/GHSA-79v4-65xg-pq4g

reference_id

GHSA-79v4-65xg-pq4g

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-79v4-65xg-pq4g

reference_url	https://access.redhat.com/errata/RHSA-2025:1330
reference_id	RHSA-2025:1330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1330

reference_url	https://access.redhat.com/errata/RHSA-2025:1487
reference_id	RHSA-2025:1487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1487

reference_url	https://access.redhat.com/errata/RHSA-2025:1925
reference_id	RHSA-2025:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1925

reference_url	https://access.redhat.com/errata/RHSA-2025:1985
reference_id	RHSA-2025:1985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1985

reference_url	https://access.redhat.com/errata/RHSA-2025:2754
reference_id	RHSA-2025:2754
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2754

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7264-1/
reference_id	USN-7264-1
reference_type
scores
url	https://usn.ubuntu.com/7264-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.4.1-1?distro=trixie
purl	pkg:deb/debian/openssl@3.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.4.1-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2024-12797, GHSA-79v4-65xg-pq4g

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqj1-zam7-c3bv

url VCID-gxy4-4rja-ufd2

vulnerability_id VCID-gxy4-4rja-ufd2

summary certificate verification bypass

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4575

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.22693
published_at	2026-04-24T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22982
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22945
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22889
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22903
published_at	2026-04-16T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22896
published_at	2026-04-18T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22857
published_at	2026-04-21T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23003
published_at	2026-04-02T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23046
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22838
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22912
published_at	2026-04-08T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22964
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4575

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106322
reference_id	1106322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106322

reference_url

https://openssl-library.org/news/secadv/20250522.txt

reference_id

20250522.txt

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:30:40Z/

url

https://openssl-library.org/news/secadv/20250522.txt

reference_url

https://security.archlinux.org/AVG-2882

reference_id

AVG-2882

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2882

reference_url

https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa

reference_id

e96d22446e633d117e6c9904cb15b4693e956eaa

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:30:40Z/

url

https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.0-2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.0-2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-4575

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxy4-4rja-ufd2

url VCID-h6n1-tsqt-17bw

vulnerability_id VCID-h6n1-tsqt-17bw

summary

Generation of Weak Initialization Vector (IV)
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established. Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values. The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality. For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception. However, these issues are not currently assessed as security
critical.

Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application being
vulnerable to this to be quite low. However if an application is vulnerable then
this issue is considered very serious. For these reasons we have assessed this
issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 is vulnerable to this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5363

reference_id

reference_type

scores

value	0.04745
scoring_system	epss
scoring_elements	0.89448
published_at	2026-04-24T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89383
published_at	2026-04-02T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89394
published_at	2026-04-04T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89396
published_at	2026-04-07T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89412
published_at	2026-04-08T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89416
published_at	2026-04-09T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89425
published_at	2026-04-11T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89423
published_at	2026-04-12T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89419
published_at	2026-04-13T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89434
published_at	2026-04-16T12:55:00Z

value	0.04745
scoring_system	epss
scoring_elements	0.89435
published_at	2026-04-18T12:55:00Z

value	0.0487
scoring_system	epss
scoring_elements	0.89569
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5363

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee

reference_url	https://security.netapp.com/advisory/ntap-20231027-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231027-0010/

reference_url	https://www.debian.org/security/2023/dsa-5532
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5532

reference_url

https://www.openssl.org/news/secadv/20231024.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/

url

https://www.openssl.org/news/secadv/20231024.txt

reference_url	http://www.openwall.com/lists/oss-security/2023/10/24/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/24/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2243839
reference_id	2243839
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2243839

reference_url

https://security.archlinux.org/AVG-2848

reference_id

AVG-2848

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2848

reference_url

https://security.archlinux.org/AVG-2849

reference_id

AVG-2849

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2849

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-5363
reference_id	CVE-2023-5363
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-5363

reference_url	https://access.redhat.com/errata/RHSA-2024:0310
reference_id	RHSA-2024:0310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0310

reference_url	https://access.redhat.com/errata/RHSA-2024:0500
reference_id	RHSA-2024:0500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0500

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:2094
reference_id	RHSA-2024:2094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2094

reference_url	https://usn.ubuntu.com/6450-1/
reference_id	USN-6450-1
reference_type
scores
url	https://usn.ubuntu.com/6450-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.11-1~deb12u2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.11-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.11-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.12-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.12-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.12-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-5363

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6n1-tsqt-17bw

url VCID-j51b-cm37-6fdj

vulnerability_id VCID-j51b-cm37-6fdj

summary openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11187

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00356
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00354
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00512
published_at	2026-04-24T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00488
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00486
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00484
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00481
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00483
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0048
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00485
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00516
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11187

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://openssl-library.org/news/secadv/20260127.txt

reference_id

20260127.txt

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/

url

https://openssl-library.org/news/secadv/20260127.txt

reference_url

https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206

reference_id

205e3a55e16e4bd08c12fdbd3416ab829c0f6206

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/

url

https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430375
reference_id	2430375
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430375

reference_url

https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8

reference_id

8caf359d6e46fb413e8f5f0df765d2e8a51df4e8

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/

url

https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8

reference_url

https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e

reference_id

e1079bc17ed93ff16f6b86f33a2fe3336e78817e

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/

url

https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e

reference_url	https://access.redhat.com/errata/RHSA-2026:1472
reference_id	RHSA-2026:1472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1472

reference_url	https://access.redhat.com/errata/RHSA-2026:1473
reference_id	RHSA-2026:1473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1473

reference_url	https://access.redhat.com/errata/RHSA-2026:1496
reference_id	RHSA-2026:1496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1496

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:3228
reference_id	RHSA-2026:3228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3228

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:7261
reference_id	RHSA-2026:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7261

reference_url	https://usn.ubuntu.com/7980-1/
reference_id	USN-7980-1
reference_type
scores
url	https://usn.ubuntu.com/7980-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
purl	pkg:deb/debian/openssl@3.5.4-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.4-1~deb13u2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2025-11187

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j51b-cm37-6fdj

url VCID-jv1d-sb5f-xfga

vulnerability_id VCID-jv1d-sb5f-xfga

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0208.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0208.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0208

reference_id

reference_type

scores

value	0.28158
scoring_system	epss
scoring_elements	0.96461
published_at	2026-04-01T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96469
published_at	2026-04-02T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96474
published_at	2026-04-04T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96478
published_at	2026-04-07T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96486
published_at	2026-04-08T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96489
published_at	2026-04-09T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96493
published_at	2026-04-11T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96494
published_at	2026-04-12T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96496
published_at	2026-04-13T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96502
published_at	2026-04-16T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96507
published_at	2026-04-18T12:55:00Z

value	0.28158
scoring_system	epss
scoring_elements	0.96509
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0208

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202369
reference_id	1202369
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202369

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-0208

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jv1d-sb5f-xfga

url VCID-jw9j-13y5-fkdw

vulnerability_id VCID-jw9j-13y5-fkdw

summary

Multiple vulnerabilities have been found in OpenSSL, the worst of
    which allows attackers to conduct a time based side-channel attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6305.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6305.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6305

reference_id

reference_type

scores

value	0.2493
scoring_system	epss
scoring_elements	0.96176
published_at	2026-04-24T12:55:00Z

value	0.2493
scoring_system	epss
scoring_elements	0.96174
published_at	2026-04-21T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96871
published_at	2026-04-04T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96876
published_at	2026-04-07T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96884
published_at	2026-04-08T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96885
published_at	2026-04-09T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96888
published_at	2026-04-11T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.9689
published_at	2026-04-12T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96891
published_at	2026-04-13T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96898
published_at	2026-04-16T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96902
published_at	2026-04-18T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96858
published_at	2026-04-01T12:55:00Z

value	0.32972
scoring_system	epss
scoring_elements	0.96866
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6305

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1378127
reference_id	1378127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1378127

reference_url	https://security.gentoo.org/glsa/201612-16
reference_id	GLSA-201612-16
reference_type
scores
url	https://security.gentoo.org/glsa/201612-16

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2016-6305

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jw9j-13y5-fkdw

url VCID-ncw4-3azc-1fb5

vulnerability_id VCID-ncw4-3azc-1fb5

summary

Denial of service by double-checked locking in openssl-src
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3996

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38401
published_at	2026-04-24T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38559
published_at	2026-04-21T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38661
published_at	2026-04-16T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38614
published_at	2026-04-13T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38639
published_at	2026-04-18T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38667
published_at	2026-04-09T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38657
published_at	2026-04-08T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38606
published_at	2026-04-07T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38675
published_at	2026-04-04T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38651
published_at	2026-04-02T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38677
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3996

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/

url

https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3996

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3996

reference_url

https://www.openssl.org/news/secadv/20221213.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/

url

https://www.openssl.org/news/secadv/20221213.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102
reference_id	1027102
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2153239
reference_id	2153239
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2153239

reference_url

https://github.com/advisories/GHSA-vr8j-hgmm-jh9r

reference_id

GHSA-vr8j-hgmm-jh9r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vr8j-hgmm-jh9r

reference_url	https://usn.ubuntu.com/6039-1/
reference_id	USN-6039-1
reference_type
scores
url	https://usn.ubuntu.com/6039-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.7-2?distro=trixie
purl	pkg:deb/debian/openssl@3.0.7-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.7-2%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-3996, GHSA-vr8j-hgmm-jh9r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncw4-3azc-1fb5

url VCID-pe34-qqqg-3qe1

vulnerability_id VCID-pe34-qqqg-3qe1

summary

Multiple vulnerabilities were found in OpenSSL, allowing for the
    execution of arbitrary code and other attacks.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0433.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0433.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-0433

reference_id

reference_type

scores

value	0.17272
scoring_system	epss
scoring_elements	0.95002
published_at	2026-04-01T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95011
published_at	2026-04-02T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95013
published_at	2026-04-04T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95015
published_at	2026-04-07T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95024
published_at	2026-04-08T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95027
published_at	2026-04-09T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95033
published_at	2026-04-11T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95035
published_at	2026-04-12T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95037
published_at	2026-04-13T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95046
published_at	2026-04-16T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.9505
published_at	2026-04-18T12:55:00Z

value	0.17272
scoring_system	epss
scoring_elements	0.95052
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-0433

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=569774
reference_id	569774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=569774

reference_url	https://security.gentoo.org/glsa/201110-01
reference_id	GLSA-201110-01
reference_type
scores
url	https://security.gentoo.org/glsa/201110-01

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2010-0433

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pe34-qqqg-3qe1

url VCID-q7te-hzsm-fkck

vulnerability_id VCID-q7te-hzsm-fkck

summary openssl: Use After Free for large message sizes

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6309.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6309.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6309

reference_id

reference_type

scores

value	0.28212
scoring_system	epss
scoring_elements	0.96464
published_at	2026-04-01T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96513
published_at	2026-04-24T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96511
published_at	2026-04-18T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96512
published_at	2026-04-21T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96472
published_at	2026-04-02T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96477
published_at	2026-04-04T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96482
published_at	2026-04-07T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.9649
published_at	2026-04-08T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96493
published_at	2026-04-09T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96497
published_at	2026-04-12T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.965
published_at	2026-04-13T12:55:00Z

value	0.28212
scoring_system	epss
scoring_elements	0.96506
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6309

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1379302
reference_id	1379302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1379302

reference_url

https://security.archlinux.org/AVG-31

reference_id

AVG-31

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-31

reference_url

https://security.archlinux.org/AVG-32

reference_id

AVG-32

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-32

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2016-6309

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7te-hzsm-fkck

url VCID-r2qs-dmuf-zkev

vulnerability_id VCID-r2qs-dmuf-zkev

summary openssl: Excessive time spent checking DSA keys and parameters

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4603.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4603.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4603

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25625
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25878
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25921
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2569
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25761
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25809
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25819
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25777
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25719
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25722
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25705
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2568
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4603

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071972
reference_id	1071972
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071972

reference_url

https://www.openssl.org/news/secadv/20240516.txt

reference_id

20240516.txt

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:27:25Z/

url

https://www.openssl.org/news/secadv/20240516.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2281029
reference_id	2281029
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2281029

reference_url

https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397

reference_id

3559e868e58005d15c6013a0c1fd832e51c73397

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:27:25Z/

url

https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397

reference_url

https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e

reference_id

53ea06486d296b890d565fb971b2764fcd826e7e

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:27:25Z/

url

https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e

reference_url

https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d

reference_id

9c39b3858091c152f52513c066ff2c5a47969f0d

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:27:25Z/

url

https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d

reference_url

https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740

reference_id

da343d0605c826ef197aceedc67e8e04f065f740

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:27:25Z/

url

https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740

reference_url	https://access.redhat.com/errata/RHSA-2024:9333
reference_id	RHSA-2024:9333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9333

reference_url	https://usn.ubuntu.com/6937-1/
reference_id	USN-6937-1
reference_type
scores
url	https://usn.ubuntu.com/6937-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.14-1~deb12u1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.14-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.14-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.2.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.2.2-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2024-4603

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2qs-dmuf-zkev

url VCID-r69y-4x9c-euhv

vulnerability_id VCID-r69y-4x9c-euhv

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0207.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0207.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0207

reference_id

reference_type

scores

value	0.32562
scoring_system	epss
scoring_elements	0.96832
published_at	2026-04-01T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.9684
published_at	2026-04-02T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96841
published_at	2026-04-04T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96845
published_at	2026-04-07T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96854
published_at	2026-04-08T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96855
published_at	2026-04-09T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96858
published_at	2026-04-11T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96859
published_at	2026-04-12T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.9686
published_at	2026-04-13T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96867
published_at	2026-04-16T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96871
published_at	2026-04-18T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96873
published_at	2026-04-21T12:55:00Z

value	0.32562
scoring_system	epss
scoring_elements	0.96874
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0207

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202351
reference_id	1202351
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202351

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-0207

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r69y-4x9c-euhv

url VCID-r791-tdk3-4bet

vulnerability_id VCID-r791-tdk3-4bet

summary OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

references

reference_url	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
reference_id
reference_type
scores
url	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

reference_url	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

reference_url	http://marc.info/?l=bugtraq&m=124464882609472&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=124464882609472&w=2

reference_url	http://marc.info/?l=bugtraq&m=127678688104458&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=127678688104458&w=2

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0789.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0789.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0789

reference_id

reference_type

scores

value	0.02727
scoring_system	epss
scoring_elements	0.85979
published_at	2026-04-24T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85879
published_at	2026-04-01T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.8589
published_at	2026-04-02T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85907
published_at	2026-04-04T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.8591
published_at	2026-04-07T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-08T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85938
published_at	2026-04-09T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85953
published_at	2026-04-11T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85951
published_at	2026-04-12T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85946
published_at	2026-04-13T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85965
published_at	2026-04-16T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85968
published_at	2026-04-18T12:55:00Z

value	0.02727
scoring_system	epss
scoring_elements	0.85959
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0789

reference_url	http://secunia.com/advisories/34411
reference_id
reference_type
scores
url	http://secunia.com/advisories/34411

reference_url	http://secunia.com/advisories/34460
reference_id
reference_type
scores
url	http://secunia.com/advisories/34460

reference_url	http://secunia.com/advisories/34666
reference_id
reference_type
scores
url	http://secunia.com/advisories/34666

reference_url	http://secunia.com/advisories/35065
reference_id
reference_type
scores
url	http://secunia.com/advisories/35065

reference_url	http://secunia.com/advisories/35380
reference_id
reference_type
scores
url	http://secunia.com/advisories/35380

reference_url	http://secunia.com/advisories/35729
reference_id
reference_type
scores
url	http://secunia.com/advisories/35729

reference_url	http://secunia.com/advisories/36701
reference_id
reference_type
scores
url	http://secunia.com/advisories/36701

reference_url	http://secunia.com/advisories/42724
reference_id
reference_type
scores
url	http://secunia.com/advisories/42724

reference_url	http://secunia.com/advisories/42733
reference_id
reference_type
scores
url	http://secunia.com/advisories/42733

reference_url	http://securitytracker.com/id?1021906
reference_id
reference_type
scores
url	http://securitytracker.com/id?1021906

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49433
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/49433

reference_url	https://kb.bluecoat.com/index?page=content&id=SA50
reference_id
reference_type
scores
url	https://kb.bluecoat.com/index?page=content&id=SA50

reference_url	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
reference_id
reference_type
scores
url	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

reference_url	http://support.apple.com/kb/HT3865
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT3865

reference_url	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
reference_id
reference_type
scores
url	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

reference_url	http://www.openssl.org/news/secadv_20090325.txt
reference_id
reference_type
scores
url	http://www.openssl.org/news/secadv_20090325.txt

reference_url	http://www.osvdb.org/52866
reference_id
reference_type
scores
url	http://www.osvdb.org/52866

reference_url	http://www.php.net/archive/2009.php#id2009-04-08-1
reference_id
reference_type
scores
url	http://www.php.net/archive/2009.php#id2009-04-08-1

reference_url	http://www.securityfocus.com/bid/34256
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/34256

reference_url	http://www.vupen.com/english/advisories/2009/0850
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0850

reference_url	http://www.vupen.com/english/advisories/2009/1020
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1020

reference_url	http://www.vupen.com/english/advisories/2009/1175
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1175

reference_url	http://www.vupen.com/english/advisories/2009/1548
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1548

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
reference_id	cpe:2.3:a:openssl:openssl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.1c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.2b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.4:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6j:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6k:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6l:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6m:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
reference_id	cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7i:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7j:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7k:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7l:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7m:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_id	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0789

reference_id

CVE-2009-0789

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0789

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2009-0789

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r791-tdk3-4bet

url VCID-rmcw-df8y-wqgn

vulnerability_id VCID-rmcw-df8y-wqgn

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0291.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0291

reference_id

reference_type

scores

value	0.14593
scoring_system	epss
scoring_elements	0.94495
published_at	2026-04-24T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96882
published_at	2026-04-02T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96887
published_at	2026-04-04T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96892
published_at	2026-04-07T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.969
published_at	2026-04-08T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96901
published_at	2026-04-09T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96875
published_at	2026-04-01T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96906
published_at	2026-04-12T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96907
published_at	2026-04-13T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96914
published_at	2026-04-16T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96918
published_at	2026-04-18T12:55:00Z

value	0.33218
scoring_system	epss
scoring_elements	0.96904
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0291

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202338
reference_id	1202338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202338

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-0291

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmcw-df8y-wqgn

url VCID-rxkb-79tg-zuaz

vulnerability_id VCID-rxkb-79tg-zuaz

summary

Multiple vulnerabilities were found in OpenSSL, allowing for the
    execution of arbitrary code and other attacks.

references

reference_url	http://cvs.openssl.org/chngview?cn=19693
reference_id
reference_type
scores
url	http://cvs.openssl.org/chngview?cn=19693

reference_url	http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1
reference_id
reference_type
scores
url	http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1633.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1633

reference_id

reference_type

scores

value	0.00779
scoring_system	epss
scoring_elements	0.73728
published_at	2026-04-24T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.736
published_at	2026-04-01T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.7361
published_at	2026-04-02T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73634
published_at	2026-04-04T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73607
published_at	2026-04-07T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73642
published_at	2026-04-08T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73655
published_at	2026-04-09T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73678
published_at	2026-04-11T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.7366
published_at	2026-04-12T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73652
published_at	2026-04-13T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73695
published_at	2026-04-21T12:55:00Z

value	0.00779
scoring_system	epss
scoring_elements	0.73705
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1633

reference_url	http://secunia.com/advisories/40024
reference_id
reference_type
scores
url	http://secunia.com/advisories/40024

reference_url	http://secunia.com/advisories/57353
reference_id
reference_type
scores
url	http://secunia.com/advisories/57353

reference_url	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

reference_url	http://www.openssl.org/news/secadv_20100601.txt
reference_id
reference_type
scores
url	http://www.openssl.org/news/secadv_20100601.txt

reference_url	http://www.securityfocus.com/bid/40503
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/40503

reference_url	http://www.vupen.com/english/advisories/2010/1313
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/1313

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=598732
reference_id	598732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=598732

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:::::::*
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
reference_id	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-1633

reference_id

CVE-2010-1633

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2010-1633

reference_url	https://security.gentoo.org/glsa/201110-01
reference_id	GLSA-201110-01
reference_type
scores
url	https://security.gentoo.org/glsa/201110-01

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2010-1633

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxkb-79tg-zuaz

url VCID-t4t8-753w-zqc5

vulnerability_id VCID-t4t8-753w-zqc5

summary

POLY1305 MAC implementation corrupts XMM registers on Windows
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_64 processors supporting the
AVX512-IFMA instructions.

Impact summary: If in an application that uses the OpenSSL library an attacker
can influence whether the POLY1305 MAC algorithm is used, the application
state might be corrupted with various application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL does
not save the contents of non-volatile XMM registers on Windows 64 platform
when calculating the MAC of data larger than 64 bytes. Before returning to
the caller all the XMM registers are set to zero rather than restoring their
previous content. The vulnerable code is used only on newer x86_64 processors
supporting the AVX512-IFMA instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However given the contents of the registers are just zeroized so
the attacker cannot put arbitrary values inside, the most likely consequence,
if any, would be an incorrect result of some application dependent
calculations or a crash leading to a denial of service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3 and a malicious client can influence whether this AEAD
cipher is used by the server. This implies that server applications using
OpenSSL can be potentially impacted. However we are currently not aware of
any concrete application that would be affected by this issue therefore we
consider this a Low severity security issue.

As a workaround the AVX512-IFMA instructions support can be disabled at
runtime by setting the environment variable OPENSSL_ia32cap:

  OPENSSL_ia32cap=:~0x200000

The FIPS provider is not affected by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4807

reference_id

reference_type

scores

value	0.00675
scoring_system	epss
scoring_elements	0.71515
published_at	2026-04-24T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71479
published_at	2026-04-21T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74425
published_at	2026-04-18T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74386
published_at	2026-04-09T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74407
published_at	2026-04-11T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74387
published_at	2026-04-12T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74379
published_at	2026-04-13T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74416
published_at	2026-04-16T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74337
published_at	2026-04-02T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74364
published_at	2026-04-04T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74338
published_at	2026-04-07T12:55:00Z

value	0.0082
scoring_system	epss
scoring_elements	0.74371
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4807

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff

reference_url	https://security.netapp.com/advisory/ntap-20230921-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230921-0001/

reference_url

https://www.openssl.org/news/secadv/20230908.txt

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://www.openssl.org/news/secadv/20230908.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2238009
reference_id	2238009
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2238009

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-4807
reference_id	CVE-2023-4807
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-4807

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-4807

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t8-753w-zqc5

url VCID-t9w1-a3z2-qqar

vulnerability_id VCID-t9w1-a3z2-qqar

summary

Out-of-bounds Read
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM
platform contains a bug that could cause it to read past the input buffer,
leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM
platform can crash in rare circumstances. The AES-XTS algorithm is usually
used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform will read
past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16
byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext
buffer is unmapped, this will trigger a crash which results in a denial of
service.

If an attacker can control the size and location of the ciphertext buffer
being decrypted by an application using AES-XTS on 64 bit ARM, the
application is affected. This is fairly unlikely making this issue
a Low severity one.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1255

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.15891
published_at	2026-04-02T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15954
published_at	2026-04-04T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15753
published_at	2026-04-07T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15838
published_at	2026-04-08T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15899
published_at	2026-04-09T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15874
published_at	2026-04-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15836
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15767
published_at	2026-04-13T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15689
published_at	2026-04-16T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.157
published_at	2026-04-18T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24349
published_at	2026-04-21T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24225
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1255

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a

reference_url

https://www.openssl.org/news/secadv/20230419.txt

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/

url

https://www.openssl.org/news/secadv/20230419.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id	1034720
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2188461
reference_id	2188461
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2188461

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-1255
reference_id	CVE-2023-1255
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-1255

reference_url

https://security.netapp.com/advisory/ntap-20230908-0006/

reference_id

ntap-20230908-0006

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/

url

https://security.netapp.com/advisory/ntap-20230908-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3722
reference_id	RHSA-2023:3722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3722

reference_url	https://usn.ubuntu.com/6119-1/
reference_id	USN-6119-1
reference_type
scores
url	https://usn.ubuntu.com/6119-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.9-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.9-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-1255

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9w1-a3z2-qqar

url VCID-tk2r-atbr-73ge

vulnerability_id VCID-tk2r-atbr-73ge

summary

Out-of-bounds Read
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4203

reference_id

reference_type

scores

value	0.00593
scoring_system	epss
scoring_elements	0.69284
published_at	2026-04-21T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69336
published_at	2026-04-24T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73091
published_at	2026-04-18T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73081
published_at	2026-04-16T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73038
published_at	2026-04-13T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73044
published_at	2026-04-12T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73065
published_at	2026-04-11T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73041
published_at	2026-04-09T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73027
published_at	2026-04-08T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.72994
published_at	2026-04-02T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.73014
published_at	2026-04-04T12:55:00Z

value	0.00745
scoring_system	epss
scoring_elements	0.7299
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4203

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0008.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0008.html

reference_url

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/

url

reference_url

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4203

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164488
reference_id	2164488
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164488

reference_url

reference_id

CVE-2022-4203

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4203

reference_url

https://github.com/advisories/GHSA-w67w-mw4j-8qrv

reference_id

GHSA-w67w-mw4j-8qrv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w67w-mw4j-8qrv

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.8-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-4203, GHSA-w67w-mw4j-8qrv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2r-atbr-73ge

url VCID-ttju-tw1d-f3ay

vulnerability_id VCID-ttju-tw1d-f3ay

summary

Improper Certificate Validation
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1343

reference_id

reference_type

scores

value	0.00145
scoring_system	epss
scoring_elements	0.34799
published_at	2026-04-18T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34815
published_at	2026-04-16T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.3478
published_at	2026-04-13T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34805
published_at	2026-04-12T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34843
published_at	2026-04-11T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34838
published_at	2026-04-09T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.3481
published_at	2026-04-08T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34766
published_at	2026-04-07T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34887
published_at	2026-04-04T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.3486
published_at	2026-04-02T12:55:00Z

value	0.00145
scoring_system	epss
scoring_elements	0.34643
published_at	2026-04-01T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48392
published_at	2026-04-24T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48407
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1343

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/github/advisory-database/issues/405

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/issues/405

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0027.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0027.html

reference_url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_url

https://security.netapp.com/advisory/ntap-20220602-0009/

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/

url

https://security.netapp.com/advisory/ntap-20220602-0009/

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1343

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087911
reference_id	2087911
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087911

reference_url

reference_id

CVE-2022-1343

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1343

reference_url

https://github.com/advisories/GHSA-mfm6-r9g2-q4r7

reference_id

GHSA-mfm6-r9g2-q4r7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfm6-r9g2-q4r7

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a

reference_url	https://access.redhat.com/errata/RHSA-2022:6224
reference_id	RHSA-2022:6224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6224

reference_url	https://usn.ubuntu.com/5402-1/
reference_id	USN-5402-1
reference_type
scores
url	https://usn.ubuntu.com/5402-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-1343, GHSA-mfm6-r9g2-q4r7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttju-tw1d-f3ay

url VCID-tw8y-th2e-x7ex

vulnerability_id VCID-tw8y-th2e-x7ex

summary openssl: Excessive time spent checking invalid RSA public keys

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6237.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6237

reference_id

reference_type

scores

value	0.00524
scoring_system	epss
scoring_elements	0.66906
published_at	2026-04-07T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.6699
published_at	2026-04-18T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66975
published_at	2026-04-16T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66943
published_at	2026-04-13T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66974
published_at	2026-04-12T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66988
published_at	2026-04-11T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66968
published_at	2026-04-09T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66933
published_at	2026-04-04T12:55:00Z

value	0.00524
scoring_system	epss
scoring_elements	0.66955
published_at	2026-04-08T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67624
published_at	2026-04-24T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67605
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6237

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d

reference_id

0b0f7abfb37350794a4b8960fafc292cd5d1b84d

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T14:44:52Z/

url

https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060858
reference_id	1060858
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060858

reference_url

https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a

reference_id

18c02492138d1eb8b6548cb26e7b625fb2414a2a

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T14:44:52Z/

url

https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a

reference_url

https://www.openssl.org/news/secadv/20240115.txt

reference_id

20240115.txt

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T14:44:52Z/

url

https://www.openssl.org/news/secadv/20240115.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258502
reference_id	2258502
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258502

reference_url

https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294

reference_id

a830f551557d3d66a84bbb18a5b889c640c36294

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T14:44:52Z/

url

https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/6622-1/
reference_id	USN-6622-1
reference_type
scores
url	https://usn.ubuntu.com/6622-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.13-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.13-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
purl	pkg:deb/debian/openssl@3.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.1.5-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-6237

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw8y-th2e-x7ex

url VCID-v45q-mw2w-67g5

vulnerability_id VCID-v45q-mw2w-67g5

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0285.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0285.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0285

reference_id

reference_type

scores

value	0.08548
scoring_system	epss
scoring_elements	0.9236
published_at	2026-04-01T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92366
published_at	2026-04-02T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92373
published_at	2026-04-04T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92377
published_at	2026-04-07T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92389
published_at	2026-04-08T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92394
published_at	2026-04-09T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92399
published_at	2026-04-11T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92402
published_at	2026-04-12T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.924
published_at	2026-04-13T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92411
published_at	2026-04-18T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92412
published_at	2026-04-21T12:55:00Z

value	0.08548
scoring_system	epss
scoring_elements	0.92416
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0285

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202410
reference_id	1202410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202410

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-0285

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v45q-mw2w-67g5

url VCID-wp1w-7td9-87gs

vulnerability_id VCID-wp1w-7td9-87gs

summary openssl: excessive allocation of memory in tls_get_message_header()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6307.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6307.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6307

reference_id

reference_type

scores

value	0.13256
scoring_system	epss
scoring_elements	0.94177
published_at	2026-04-24T12:55:00Z

value	0.13256
scoring_system	epss
scoring_elements	0.94175
published_at	2026-04-21T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95526
published_at	2026-04-04T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.9553
published_at	2026-04-07T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95536
published_at	2026-04-08T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95539
published_at	2026-04-09T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95543
published_at	2026-04-11T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95545
published_at	2026-04-12T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95546
published_at	2026-04-13T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95555
published_at	2026-04-16T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.9556
published_at	2026-04-18T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.95512
published_at	2026-04-01T12:55:00Z

value	0.20439
scoring_system	epss
scoring_elements	0.9552
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6307

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1378203
reference_id	1378203
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1378203

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2016-6307

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wp1w-7td9-87gs

url VCID-wxvb-73gj-p3eu

vulnerability_id VCID-wxvb-73gj-p3eu

summary

Use of a Broken or Risky Cryptographic Algorithm
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1434

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20532
published_at	2026-04-24T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20645
published_at	2026-04-21T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20654
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20656
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2067
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20695
published_at	2026-04-01T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2061
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20895
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20838
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20722
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20766
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20746
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20686
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1434

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/github/advisory-database/issues/405

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/issues/405

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0026.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0026.html

reference_url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_url	https://security.netapp.com/advisory/ntap-20220602-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220602-0009/

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1434

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087912
reference_id	2087912
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087912

reference_url

reference_id

CVE-2022-1434

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1434

reference_url

https://github.com/advisories/GHSA-638m-m8mh-7gw2

reference_id

GHSA-638m-m8mh-7gw2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-638m-m8mh-7gw2

reference_url	https://usn.ubuntu.com/5402-1/
reference_id	USN-5402-1
reference_type
scores
url	https://usn.ubuntu.com/5402-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-1434, GHSA-638m-m8mh-7gw2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxvb-73gj-p3eu

url VCID-xq7s-zrwb-yffw

vulnerability_id VCID-xq7s-zrwb-yffw

summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.

references

reference_url

http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3786

reference_id

reference_type

scores

value	0.2063
scoring_system	epss
scoring_elements	0.95565
published_at	2026-04-07T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95582
published_at	2026-04-13T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.9558
published_at	2026-04-12T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95579
published_at	2026-04-11T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95575
published_at	2026-04-09T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95572
published_at	2026-04-08T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95557
published_at	2026-04-02T12:55:00Z

value	0.2063
scoring_system	epss
scoring_elements	0.95562
published_at	2026-04-04T12:55:00Z

value	0.21428
scoring_system	epss
scoring_elements	0.95714
published_at	2026-04-16T12:55:00Z

value	0.21428
scoring_system	epss
scoring_elements	0.95718
published_at	2026-04-18T12:55:00Z

value	0.26622
scoring_system	epss
scoring_elements	0.96351
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3786

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3

reference_url

https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0065.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0065.html

reference_url

https://security.netapp.com/advisory/ntap-20221102-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221102-0001

reference_url	https://security.netapp.com/advisory/ntap-20221102-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221102-0001/

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
reference_id
reference_type
scores
url	https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/

url

http://www.openwall.com/lists/oss-security/2022/11/01/15

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/15

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/16

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/16

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/17

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/18

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/18

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/19

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/20

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/21

reference_url

http://www.openwall.com/lists/oss-security/2022/11/01/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/01/24

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/1

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/10

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/11

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/12

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/12

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/13

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/13

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/14

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/15

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/2

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/3

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/5

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/6

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/7

reference_url

http://www.openwall.com/lists/oss-security/2022/11/02/9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/02/9

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/1

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/10

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/11

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/2

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/3

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/5

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/6

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/7

reference_url

http://www.openwall.com/lists/oss-security/2022/11/03/9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/11/03/9

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2139104
reference_id	2139104
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2139104

reference_url

https://github.com/advisories/GHSA-h8jm-2x53-xhp5

reference_id

GHSA-h8jm-2x53-xhp5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h8jm-2x53-xhp5

reference_url

reference_id

GLSA-202211-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:7288
reference_id	RHSA-2022:7288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7288

reference_url	https://access.redhat.com/errata/RHSA-2022:7384
reference_id	RHSA-2022:7384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7384

reference_url	https://usn.ubuntu.com/5710-1/
reference_id	USN-5710-1
reference_type
scores
url	https://usn.ubuntu.com/5710-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.7-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2022-3786, GHSA-h8jm-2x53-xhp5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xq7s-zrwb-yffw

url VCID-xqt3-3um9-8faq

vulnerability_id VCID-xqt3-3um9-8faq

summary

NULL Pointer Dereference
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0401

reference_id

reference_type

scores

value	0.00825
scoring_system	epss
scoring_elements	0.74528
published_at	2026-04-24T12:55:00Z

value	0.00825
scoring_system	epss
scoring_elements	0.74493
published_at	2026-04-21T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77098
published_at	2026-04-18T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77096
published_at	2026-04-16T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77056
published_at	2026-04-13T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77061
published_at	2026-04-12T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77081
published_at	2026-04-11T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77053
published_at	2026-04-09T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77042
published_at	2026-04-08T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.7701
published_at	2026-04-07T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77029
published_at	2026-04-04T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.77
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0401

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0013.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0013.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0401

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164500
reference_id	2164500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164500

reference_url

reference_id

CVE-2023-0401

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0401

reference_url

https://github.com/advisories/GHSA-vrh7-x64v-7vxq

reference_id

GHSA-vrh7-x64v-7vxq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vrh7-x64v-7vxq

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
purl	pkg:deb/debian/openssl@3.0.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.8-1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2023-0401, GHSA-vrh7-x64v-7vxq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqt3-3um9-8faq

url VCID-y71f-vhew-p3d2

vulnerability_id VCID-y71f-vhew-p3d2

summary openssl: Crash in ssleay_rand_bytes due to locking regression

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3216.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3216.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3216

reference_id

reference_type

scores

value	0.01559
scoring_system	epss
scoring_elements	0.81404
published_at	2026-04-01T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81413
published_at	2026-04-02T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81436
published_at	2026-04-04T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81434
published_at	2026-04-07T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81462
published_at	2026-04-08T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81468
published_at	2026-04-09T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81489
published_at	2026-04-11T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81476
published_at	2026-04-12T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81469
published_at	2026-04-13T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81506
published_at	2026-04-16T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81507
published_at	2026-04-18T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81509
published_at	2026-04-21T12:55:00Z

value	0.01559
scoring_system	epss
scoring_elements	0.81531
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3216

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1227574
reference_id	1227574
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1227574

reference_url	https://access.redhat.com/errata/RHSA-2015:1115
reference_id	RHSA-2015:1115
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1115

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-3216

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y71f-vhew-p3d2

url VCID-yb9y-4y13-efg6

vulnerability_id VCID-yb9y-4y13-efg6

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5738

reference_id

reference_type

scores

value	0.00806
scoring_system	epss
scoring_elements	0.74111
published_at	2026-04-01T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74117
published_at	2026-04-02T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74143
published_at	2026-04-04T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74114
published_at	2026-04-07T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74147
published_at	2026-04-08T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74162
published_at	2026-04-09T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74183
published_at	2026-04-11T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74165
published_at	2026-04-12T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74159
published_at	2026-04-13T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74196
published_at	2026-04-16T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74205
published_at	2026-04-18T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74197
published_at	2026-04-21T12:55:00Z

value	0.00806
scoring_system	epss
scoring_elements	0.74232
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5738

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-5738

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yb9y-4y13-efg6

url VCID-zf5b-ajub-zue3

vulnerability_id VCID-zf5b-ajub-zue3

summary

Multiple vulnerabilities have been found in OpenSSL that can result
    in either Denial of Service or information disclosure.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1787.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1787.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1787

reference_id

reference_type

scores

value	0.25826
scoring_system	epss
scoring_elements	0.96222
published_at	2026-04-01T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.9623
published_at	2026-04-02T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96237
published_at	2026-04-04T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96241
published_at	2026-04-07T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.9625
published_at	2026-04-08T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96253
published_at	2026-04-09T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96257
published_at	2026-04-12T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96258
published_at	2026-04-13T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96267
published_at	2026-04-16T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96272
published_at	2026-04-18T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96273
published_at	2026-04-21T12:55:00Z

value	0.25826
scoring_system	epss
scoring_elements	0.96274
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1202406
reference_id	1202406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1202406

reference_url	https://security.gentoo.org/glsa/201503-11
reference_id	GLSA-201503-11
reference_type
scores
url	https://security.gentoo.org/glsa/201503-11

fixed_packages

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.18-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8gde-1md7-5yak

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.18-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

purl pkg:deb/debian/openssl@3.5.5-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7f9q-mhsr-8bfq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.5-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.6.1-3?distro=trixie

purl pkg:deb/debian/openssl@3.6.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-74wu-sup9-cybb

vulnerability	VCID-7f9q-mhsr-8bfq

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.1-3%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

aliases CVE-2015-1787

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zf5b-ajub-zue3

url VCID-zhwv-pq2x-8bey

vulnerability_id VCID-zhwv-pq2x-8bey

summary

Improper Resource Shutdown or Release
The `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1473

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51023
published_at	2026-04-21T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50971
published_at	2026-04-24T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56062
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56079
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56099
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56097
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56036
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56058
published_at	2026-04-04T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56037
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55926
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56102
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5609
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56087
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1473

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/github/advisory-database/issues/405

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/issues/405

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0025.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0025.html

reference_url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220602-0009

reference_url

https://security.netapp.com/advisory/ntap-20220602-0009/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/

url

https://security.netapp.com/advisory/ntap-20220602-0009/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/

url