OpenSSL (IBB)


34 total issues disclosed

$33,000 total paid publicly


Most disclosed (9 disclosures) — Memory Corruption - Generic




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Integer overflow in CipherUpdate | Integer Overflow | reaperhulk | High | 2021-04-08 |
| Windows only: arbitrary file read vulnerability in openssl s_server | Path Traversal | jobert | Medium | 2020-10-10 |
| Client DoS due to large DH parameter (CVE-2018-0732) | Denial of Service | guido | Low | 2018-09-20 |
| SSL_peek() hang on empty record (CVE-2016-6305) | Denial of Service | alex_gaynor | Medium | 2018-01-11 |
| Malformed SHA512 ticket DoS (CVE-2016-6302) | Denial of Service | theyarestone | Low | 2017-05-25 |
| OOB read in TS_OBJ_print_bio() (CVE-2016-2180) | Out-of-bounds Read | theyarestone | Low | 2017-05-25 |
| Certificate message OOB reads (CVE-2016-6306) | Out-of-bounds Read | theyarestone | Low | 2017-05-25 |
| Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) | Denial of Service | theyarestone | Low | 2017-05-25 |
| Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) | Denial of Service | theyarestone | Low | 2017-05-25 |
| OOB write in MDC2_Update() (CVE-2016-6303) | Heap Overflow | theyarestone | Low | 2017-05-25 |
| OOB write in BN_bn2dec() (CVE-2016-2182) | Heap Overflow | theyarestone | Low | 2017-05-25 |
| OCSP Status Request extension unbounded memory growth (CVE-2016-6304) | Denial of Service | theyarestone | High | 2017-04-12 |
| CVE-2017-3730: Bad (EC)DHE parameters cause a client crash | Denial of Service | guido | Medium | 2017-02-07 |
| Remote client memory corruption in ssl_add_clienthello_tlsext() | Code Injection | guido | No rating | 2016-12-30 |
| Double-free in X509 parsing | Memory Corruption - Generic | guido | No rating | 2016-12-30 |
| SSLv2 doesn't block disabled ciphers (CVE-2015-3197) | Cryptographic Issues - Generic | nimia | No rating | 2016-09-21 |
| Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) | Cryptographic Issues - Generic | nimia | No rating | 2016-09-21 |
| CVE-2016-2177 Undefined pointer arithmetic in SSL code | Memory Corruption - Generic | guido | No rating | 2016-09-20 |
| Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) | Cryptographic Issues - Generic | dadrian | No rating | 2016-06-01 |
| Bleichenbacher oracle in SSLv2 (CVE-2016-0704) | Cryptographic Issues - Generic | dadrian | No rating | 2016-06-01 |
| Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) | Cryptographic Issues - Generic | jurajsomorovsky | No rating | 2016-05-19 |
| ASN.1 BIO excessive memory allocation (CVE-2016-2109) | Denial of Service | geeknik | No rating | 2016-05-03 |
| Potential double free in EVP_DigestInit_ex | Memory Corruption - Generic | guido | No rating | 2016-05-03 |
| EBCDIC overread (CVE-2016-2176) | Memory Corruption - Generic | guido | No rating | 2016-05-03 |
| EVP_EncryptUpdate overflow (CVE-2016-2106) | Memory Corruption - Generic | guido | No rating | 2016-05-03 |
| EVP_EncodeUpdate overflow (CVE-2016-2105) | Memory Corruption - Generic | guido | No rating | 2016-05-03 |
| BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) | Cryptographic Issues - Generic | hanno | No rating | 2016-04-12 |
| CVE-2016-0799 memory issues in BIO_*printf functions | Memory Corruption - Generic | guido | No rating | 2016-03-28 |
| OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701) | Cryptographic Issues - Generic | asanso | No rating | 2016-03-28 |
| b2i_PVK_bio heap corruption | Memory Corruption - Generic | guido | No rating | 2016-03-28 |
| BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) | Memory Corruption - Generic | guido | No rating | 2016-03-28 |
| Malformed ECParameters causes infinite loop | None supplied | ctz | No rating | 2015-06-11 |
| Segmentation fault for invalid PSS parameters | None supplied | geeknik | No rating | 2015-03-19 |
| X509_to_X509_REQ NULL pointer deref | None supplied | geeknik | No rating | 2015-03-15 |