Version 3.2.0

openssl

OpenSSL for Ruby provides access to SSL/TLS and general-purpose cryptography based on the OpenSSL library.

Install Instructions

gem install openssl
Current Version Release Date: September 21, 2023
Language: Ruby
Package URL (purl): pkg:gem/openssl@3.2.0

openssl Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-3602 | High 8.8 | CWE-120 | 0.11749 | 0.95473 | 3.0.0–3.0.2 |
| CVE-2022-3786 | High 8.8 | CWE-120 | 0.00125 | 0.48117 | 3.0.0–3.0.2 |
| CVE-2018-16395 | High 9.8 | CWE-19 | 0.00903 | 0.83229 | 2.0.0–2.1.1 |
| CVE-2016-7798 | High 7.5 | CWE-326 | 0.00383 | 0.73608 | 2.0.0.beta.1–2.0.0.beta.2 |
| CVE-2017-14033 | High 7.5 | CWE-119 | 0.01832 | 0.88632 | 2.0.0.beta.1–2.0.0.beta.2 |

openssl Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
| --- | --- | --- | --- |
| CVE-2022-3786 | None | 3.0.0, 3.0.1, 3.0.2 | Minor → 3.1.0 |
| CVE-2022-3602 | None | 3.0.0, 3.0.1, 3.0.2 | Minor → 3.1.0 |
| CVE-2018-16395 | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | 2.1.0, 2.0.8, 2.0.7, 2.0.5, 2.0.0.beta.2, 2.0.0.beta.1, 2.0.4, 2.0.0, … | Patch → 2.1.2 |
| CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 2.0.0.beta.2, 2.0.0.beta.1 | Patch → 2.0.9 |
| CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | 2.0.0.beta.2, 2.0.0.beta.1 | Patch → 2.0.9 |
