Search CVE reports
21 – 30 of 331 results
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target =...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Vulnerable | Vulnerable | Not affected | Not affected | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Vulnerable | Vulnerable | Vulnerable | Not affected | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying...
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable | — |
Some fixes available 4 of 7
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 4 of 7
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 8 of 18
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl-fips | Not in release | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |