libressl/openbsd

GitHub

github.com

Releases230

Frequency1 month 2 weeks

Last Release about 2 months ago

Stars245

Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to [email protected], instead of submitting pull requests, since this tree is often rebased.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-35784 ↗	Jun 16, 2023Friday, 16 June 2023, 20:15	9.8 CRITICAL	—
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
CVE-2021-41581 ↗	Sep 24, 2021Friday, 24 September 2021, 03:15	5.5 MEDIUM	4.3 MEDIUM
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2018-8970 ↗	Mar 24, 2018Saturday, 24 March 2018, 21:29	—	5.8 MEDIUM
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.