openssl
RubyGems | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting openssl
- CVE-2016-7798 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.0.0 | 2017-01-30
vulnerable: 2.0.0.beta.1, 2.0.0.beta.2
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
- CVE-2017-14033 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.0.0 | 2017-09-19
vulnerable: 2.0.0.beta.1, 2.0.0.beta.2
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
- CVE-2018-16395 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.1.2 | 2018-11-16
vulnerable: 2.1.0, 2.1.1
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal …