Ibb-openssl


reports in last 90 days

34

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | Windows builds with insecure path defaults (CVE-2019-1552) | Code Injection | mirchr | Time to triage: 1 Days and 14 hours; Time to close: 26 Days and 5 hours | Resolved |
| High | ChaCha20-Poly1305 with long nonces | Missing Encryption of Sensitive Data | jorandirkgreef | Time to triage: 71 Days and 12 hours; Time to close: 129 Days and 22 hours | Resolved |
| Low | Client DoS due to large DH parameter (CVE-2018-0732) | Denial of Service | guido | Issue was not triaged; Time to close: 99 Days and 20 hours | Resolved |
| Medium | SSL_peek() hang on empty record (CVE-2016-6305) | Denial of Service | alex_gaynor | Time to triage: 31 Days and 7 hours; Time to close: 0 Days and 22 hours | Resolved |
| Low | OOB write in BN_bn2dec() (CVE-2016-2182) | Heap Overflow | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | OOB write in MDC2_Update() (CVE-2016-6303) | Heap Overflow | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) | Denial of Service | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) | Denial of Service | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | Certificate message OOB reads (CVE-2016-6306) | Out-of-bounds Read | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | OOB read in TS_OBJ_print_bio() (CVE-2016-2180) | Out-of-bounds Read | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| Low | Malformed SHA512 ticket DoS (CVE-2016-6302) | Denial of Service | theyarestone | Issue was not triaged; Time to close: 36 Days and 8 hours | Resolved |
| High | OCSP Status Request extension unbounded memory growth (CVE-2016-6304) | Denial of Service | theyarestone | Issue was not triaged; Time to close: 13 Days and 15 hours | Resolved |
| Medium | CVE-2017-3730: Bad (EC)DHE parameters cause a client crash | Denial of Service | guido | Issue was not triaged; Time to close: 11 Days and 14 hours | Resolved |
| No rating | Double-free in X509 parsing | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 49 Days and 11 hours | Resolved |
| No rating | Remote client memory corruption in ssl_add_clienthello_tlsext() | Code Injection | guido | Issue was not triaged; Time to close: 46 Days and 18 hours | Resolved |
| No rating | CVE-2016-2177 Undefined pointer arithmetic in SSL code | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 110 Days and 13 hours | Resolved |
| No rating | Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) | Cryptographic Issues - Generic | nimia | Issue was not triaged; Time to close: 12 Days and 9 hours | Resolved |
| No rating | SSLv2 doesn't block disabled ciphers (CVE-2015-3197) | Cryptographic Issues - Generic | nimia | Issue was not triaged; Time to close: 12 Days and 9 hours | Resolved |
| No rating | Bleichenbacher oracle in SSLv2 (CVE-2016-0704) | Cryptographic Issues - Generic | dadrian | Issue was not triaged; Time to close: 19 Days and 11 hours | Resolved |
| No rating | Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) | Cryptographic Issues - Generic | dadrian | Issue was not triaged; Time to close: 19 Days and 11 hours | Resolved |
| No rating | Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) | Cryptographic Issues - Generic | jurajsomorovsky | Issue was not triaged; Time to close: 12 Days and 1 hours | Resolved |
| No rating | EVP_EncodeUpdate overflow (CVE-2016-2105) | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 0 Days and 4 hours | Resolved |
| No rating | EVP_EncryptUpdate overflow (CVE-2016-2106) | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 0 Days and 4 hours | Resolved |
| No rating | EBCDIC overread (CVE-2016-2176) | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 0 Days and 4 hours | Resolved |
| No rating | Potential double free in EVP_DigestInit_ex | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 3 Days and 3 hours | Resolved |