Summary
HttpSignatureService::verifySignature() checks the result of PHP's openssl_verify() with a loose boolean negation - if (!openssl_verify(...)) { throw ... }. PHP's openssl_verify has four possible return values:
| return | meaning |…
A remote, anonymous attacker can exploit multiple vulnerabilities in OpenSSL and LibreSSL to potentially execute arbitrary code, cause a Denial of Service state, and disclose confidential information.
An attacker can exploit multiple vulnerabilities in OpenSSL to execute arbitrary code, bypass security measures, disclose confidential information, manipulate data, or cause a denial-of-service condition.
An attacker can exploit multiple vulnerabilities in OpenSSL to conduct a denial of service attack, disclose sensitive information, or perform other unspecified attacks.
It was discovered that a buffer overflow in the implementation of AES Key Wrap with Padding in the openssl extension of PHP, a widely-used open source general purpose scripting language, could result in memory corruption. https://security-t…
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with…
A remote, authenticated attacker can exploit a vulnerability in OpenSSL to bypass security measures.
Serial number: AV26-637 Date: June 29, 2026 Between June 22 and 28, 2026, CISA published ICS advisories to address vulnerabilities in the following products: ABB Freelance Security Lock – all versions B&R Industrial Automation GmbH APROL – …
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceedin…
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) a…
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify…
View CSAF Summary OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for sever…
Scope: Amazon/AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 8:30 AM PDT Description: AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS C…
The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.