Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
LibreSSL Number Of NVD 12 CRITICAL 3 HIGH 5 MEDIUM 4 LOW 0
URL https://www.libressl.org/
Explanation An open source TLS/SSL protocol developed by OpenBSD developers to remedy potential problems with OpenSSL in response to the OpenSSL heartbleed vulnerability.
It migrates to a new stable branch every 6 months according to OpenBSD's development schedule.
A stable branch is updated for one year after the corresponding OpenBSD branch release is tagged.
Tag
  • オープンソース
  • Apache License v1.0
  • ISC License
  • 4条項BSDライセンス
  • public domain
Add Information URL
No Type Name URL
1 https://www.libressl.org/releases.html
2 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 LibreSSL 3 3.9.2 May 12, 2024 April 1, 2019 2 2 2 0
2 LibreSSL 2.9 2.9.2 May 15, 2019 Dec. 15, 2018 2 2 2 0
3 LibreSSL 2.8 2.8.3 Dec. 15, 2018 Aug. 3, 2018 2 0 2 0
4 LibreSSL 2.7 2.7.5 Dec. 15, 2018 March 21, 2018 2 1 3 0
5 LibreSSL 2.6 2.6.5 June 13, 2018 July 9, 2017 2 0 3 0
6 LibreSSL 2.5 2.5.5 July 9, 2017 Sept. 27, 2016 2 0 4 0
7 LibreSSL 2.4 2.4.5 Jan. 31, 2017 May 30, 2016 2 0 3 0
8 LibreSSL 2.3 2.3.9 Nov. 6, 2016 Sept. 23, 2015 3 1 3 0
9 LibreSSL 2.2 2.2.9 June 7, 2016 June 11, 2015 3 1 3 0
10 LibreSSL 2.1 2.1.10 Jan. 28, 2016 Dec. 12, 2014 3 2 3 0
11 LibreSSL 2.0 2.0.6 3 2 3 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 9.8
- 		CRITICAL
Network 		A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affec… CWE-415
CWE-416
 Double Free
 Use After Free 		CVE-2023-35784 cpe:2.3:a:openbsd:libressl:*:* 3.7.0

3.7.3
3.6.3 		2024-11-21 17:08
2023-06-17 		Show GitHub Exploit DB Packet Storm
2 9.8
- 		CRITICAL
Network 		x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. CWE-295
Improper Certificate Validation  		CVE-2021-46880 cpe:2.3:a:openbsd:libressl:*:* 3.4.2 2024-11-21 15:34
2023-04-15 		Show GitHub Exploit DB Packet Storm
3 5.3
- 		MEDIUM
Network 		An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verifi… CWE-295
Improper Certificate Validation  		CVE-2022-48437 cpe:2.3:a:openbsd:libressl:*:* 3.6.1 2024-11-21 16:33
2023-04-12 		Show GitHub Exploit DB Packet Storm
4 5.5
4.3 		MEDIUM
Local 		x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0'… CWE-125
Out-of-bounds Read 		CVE-2021-41581 cpe:2.3:a:openbsd:libressl:*:* 3.4.0 2024-11-21 15:26
2021-09-24 		Show GitHub Exploit DB Packet Storm
5 7.1
5.8 		HIGH
Local 		LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). CWE-125
Out-of-bounds Read 		CVE-2019-25049 cpe:2.3:a:openbsd:libressl:*:* 2.9.1 3.2.1 2024-11-21 13:39
2021-07-1 		Show GitHub Exploit DB Packet Storm
6 7.1
5.8 		HIGH
Local 		LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). CWE-125
Out-of-bounds Read 		CVE-2019-25048 cpe:2.3:a:openbsd:libressl:*:* 2.9.1 3.2.1 2024-11-21 13:39
2021-07-1 		Show GitHub Exploit DB Packet Storm
7 7.5
5.0 		HIGH
Network 		Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 cert… CWE-400
 Uncontrolled Resource Consumption 		CVE-2015-5333 cpe:2.3:a:openbsd:libressl:*:* 2.3.1 2024-11-21 11:32
2020-01-24 		Show GitHub Exploit DB Packet Storm
8 9.8
7.5 		CRITICAL
Network 		Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certi… CWE-787
 Out-of-bounds Write 		CVE-2015-5334 cpe:2.3:a:openbsd:libressl:*:* 2.3.1 2024-11-21 11:32
2020-01-24 		Show GitHub Exploit DB Packet Storm
9 4.7
1.9 		MEDIUM
Local 		LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attack… CWE-200
Information Exposure 		CVE-2018-12434 cpe:2.3:a:openbsd:libressl:2.7.3:*
cpe:2.3:a:openbsd:libressl:2.7.2:*
cpe:2.3:a:openbsd:libressl:2.7.1:*
cpe:2… 		2.6.5 2024-11-21 12:45
2018-06-15 		Show GitHub Exploit DB Packet Storm
10 7.4
5.8 		HIGH
Network 		The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of ho… CWE-295
Improper Certificate Validation  		CVE-2018-8970 cpe:2.3:a:openbsd:libressl:2.7.0:* 2024-11-21 13:14
2018-03-25 		Show GitHub Exploit DB Packet Storm