VulnerableCode Package Details - pkg:deb/debian/openssl@3.0.7-2?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/openssl@3.0.7-2?distro=trixie

purl	pkg:deb/debian/openssl@3.0.7-2?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-ncw4-3azc-1fb5	Denial of service by double-checked locking in openssl-src If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.	CVE-2022-3996 GHSA-vr8j-hgmm-jh9r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:49:12.763708+00:00	Debian Importer	Fixing	VCID-ncw4-3azc-1fb5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:21.776307+00:00	Debian Importer	Fixing	VCID-ncw4-3azc-1fb5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:04.697370+00:00	Debian Importer	Fixing	VCID-ncw4-3azc-1fb5	https://security-tracker.debian.org/tracker/data/json	38.1.0