Version 3.2.0
openssl
OpenSSL for Ruby provides access to SSL/TLS and general-purpose cryptography based on the OpenSSL library.
Install Instructions
gem install openssl
Current Version Release Date: September 21, 2023
Language: Ruby
Package URL (purl): pkg:gem/openssl@3.2.0
openssl Vulnerabilities
CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
---|---|---|---|---|---|
CVE-2022-3602 | High 8.8 | CWE-120 | 0.11749 | 0.95473 | |
CVE-2022-3786 | High 8.8 | CWE-120 | 0.00125 | 0.48117 | |
CVE-2018-16395 | High 9.8 | CWE-19 | 0.00903 | 0.83229 | |
CVE-2016-7798 | High 7.5 | CWE-326 | 0.00383 | 0.73608 | |
CVE-2017-14033 | High 7.5 | CWE-119 | 0.01832 | 0.88632 | |
openssl Vulnerability Remediation Guidance
CVE | Description | Full list of Impacted Versions | Fix |
---|---|---|---|
CVE-2022-3786 | None | 3.0.0, 3.0.1, 3.0.2 | Minor → 3.1.0 |
CVE-2022-3602 | None | 3.0.0, 3.0.1, 3.0.2 | Minor → 3.1.0 |
CVE-2018-16395 | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | 2.1.0, 2.0.8, 2.0.7, 2.0.5, 2.0.0.beta.2, 2.0.0.beta.1, 2.0.4, 2.0.0 | Patch → 2.1.2 |
CVE-2017-14033 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 2.0.0.beta.2, 2.0.0.beta.1 | Patch → 2.0.9 |
CVE-2016-7798 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | 2.0.0.beta.2, 2.0.0.beta.1 | Patch → 2.0.9 |