| purl | pkg:gem/openssl@2.0.0.beta.2 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-c3y8-w4b4-3qea (Aliases: CVE-2018-16395, GHSA-mmrq-6999-72v8) | Improper Certificate Validation: When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| VCID-fapg-pt6b-rfb2 (Aliases: CVE-2017-14033, GHSA-v6rp-3r3v-hf4p) | Improper Restriction of Operations within the Bounds of a Memory Buffer: The decode method in the `OpenSSL::ASN1` module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-ym1e-mqp8-vbfr (Aliases: CVE-2016-7798, GHSA-6h88-qjpv-p32m) | Cryptographic Issues: The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | Affected by 2 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |