Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/openssl@2.0.0
purl pkg:gem/openssl@2.0.0
Next non-vulnerable version 2.1.2
Latest non-vulnerable version 2.1.2
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-c3y8-w4b4-3qea
Aliases:
CVE-2018-16395
GHSA-mmrq-6999-72v8
Improper Certificate Validation When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
2.0.9
Affected by 1 other vulnerability.
2.1.2
Affected by 0 other vulnerabilities.
VCID-fapg-pt6b-rfb2
Aliases:
CVE-2017-14033
GHSA-v6rp-3r3v-hf4p
Improper Restriction of Operations within the Bounds of a Memory Buffer The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
2.2.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-fapg-pt6b-rfb2 Improper Restriction of Operations within the Bounds of a Memory Buffer The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. CVE-2017-14033
GHSA-v6rp-3r3v-hf4p
VCID-ym1e-mqp8-vbfr Cryptographic Issues The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. CVE-2016-7798
GHSA-6h88-qjpv-p32m

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:52:21.925708+00:00 GitLab Importer Fixing VCID-fapg-pt6b-rfb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2017-14033.yml 38.4.0
2026-04-16T20:50:16.029442+00:00 GitLab Importer Affected by VCID-c3y8-w4b4-3qea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2018-16395.yml 38.4.0
2026-04-16T20:36:14.414542+00:00 GitLab Importer Fixing VCID-ym1e-mqp8-vbfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2016-7798.yml 38.4.0
2026-04-16T01:19:01.668120+00:00 GHSA Importer Fixing VCID-ym1e-mqp8-vbfr https://github.com/advisories/GHSA-6h88-qjpv-p32m 38.4.0
2026-04-11T23:08:06.893691+00:00 GitLab Importer Fixing VCID-fapg-pt6b-rfb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2017-14033.yml 38.3.0
2026-04-11T22:00:54.473958+00:00 GitLab Importer Affected by VCID-c3y8-w4b4-3qea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2018-16395.yml 38.3.0
2026-04-11T21:46:47.718030+00:00 GitLab Importer Fixing VCID-ym1e-mqp8-vbfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2016-7798.yml 38.3.0
2026-04-11T12:47:08.687051+00:00 GHSA Importer Fixing VCID-ym1e-mqp8-vbfr https://github.com/advisories/GHSA-6h88-qjpv-p32m 38.3.0
2026-04-04T14:30:38.929326+00:00 GHSA Importer Fixing VCID-fapg-pt6b-rfb2 https://github.com/advisories/GHSA-v6rp-3r3v-hf4p 38.1.0
2026-04-02T23:16:36.343605+00:00 GitLab Importer Fixing VCID-fapg-pt6b-rfb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2017-14033.yml 38.1.0
2026-04-02T22:13:56.868057+00:00 GitLab Importer Affected by VCID-c3y8-w4b4-3qea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2018-16395.yml 38.1.0
2026-04-02T22:00:48.526868+00:00 GitLab Importer Fixing VCID-ym1e-mqp8-vbfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2016-7798.yml 38.1.0
2026-04-02T13:42:35.044784+00:00 GHSA Importer Fixing VCID-ym1e-mqp8-vbfr https://github.com/advisories/GHSA-6h88-qjpv-p32m 38.1.0
2026-04-01T17:36:42.032461+00:00 GitLab Importer Fixing VCID-fapg-pt6b-rfb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2017-14033.yml 38.0.0
2026-04-01T16:31:26.607954+00:00 GitLab Importer Affected by VCID-c3y8-w4b4-3qea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2018-16395.yml 38.0.0
2026-04-01T15:56:12.024864+00:00 GHSA Importer Fixing VCID-ym1e-mqp8-vbfr https://github.com/advisories/GHSA-6h88-qjpv-p32m 38.0.0
2026-04-01T15:18:27.142426+00:00 Ruby Importer Affected by VCID-fapg-pt6b-rfb2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/openssl/CVE-2017-14033.yml 38.0.0
2026-04-01T13:08:05.883361+00:00 GithubOSV Importer Fixing VCID-fapg-pt6b-rfb2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v6rp-3r3v-hf4p/GHSA-v6rp-3r3v-hf4p.json 38.0.0
2026-04-01T12:54:18.808628+00:00 GithubOSV Importer Fixing VCID-ym1e-mqp8-vbfr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-6h88-qjpv-p32m/GHSA-6h88-qjpv-p32m.json 38.0.0
2026-04-01T12:47:10.675995+00:00 GitLab Importer Fixing VCID-ym1e-mqp8-vbfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/openssl/CVE-2016-7798.yml 38.0.0