Openssl

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*

part: a version: * update: *

VendorRuby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39)
ProductOpenssl (ec98b5f2-ac7a-56da-a274-9e0e995dcd21)
Edition*
Language*
Software edition*
Target softwareruby
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2018-16395 vulnerable 2026-06-03 14:38:20.405418 Details available
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Published: 2018-11-16T18:00:00.000Z
Updated: 2024-08-05T10:24:32.106Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7798 vulnerable 2026-06-03 14:36:08.255076 Details available
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
Published: 2017-01-30T22:00:00.000Z
Updated: 2024-08-06T02:04:56.020Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.