OpenSSL 1.0.2 is an outdated cryptographic library that powers the SSL/TLS encryption on thousands of websites worldwide. Despite being end-of-life since December 2019, over 5,210 websites still rely on this vulnerable version. Our security research has identified 98 known vulnerabilities, including 7 critical-severity flaws that could allow attackers to execute arbitrary code, steal data, or crash your website entirely.
If your website is running OpenSSL 1.0.2, you're at significant risk. Cybercriminals actively exploit these known vulnerabilities to breach websites and steal sensitive information from visitors. The longer you wait to upgrade, the more exposed your site becomes to sophisticated attacks targeting these specific weaknesses.
This comprehensive guide will show you how to identify if your website uses vulnerable OpenSSL 1.0.2, understand the specific threats you face, and implement a safe upgrade path to protect your users and business.
OpenSSL is the cryptographic library that secures internet communications. It's the technology behind HTTPS—the padlock icon in your browser's address bar. When you visit a website, OpenSSL encrypts the data traveling between your computer and the web server, preventing hackers from intercepting passwords, credit card numbers, or personal information. Without OpenSSL, modern internet security would be impossible.
OpenSSL 1.0.2 was released in January 2015 and served as a stable version for many years. However, technology constantly evolves, and security vulnerabilities are regularly discovered in older software. OpenSSL 1.0.2 reached end-of-life in December 2019, meaning the developers stopped releasing security patches. This means any new vulnerabilities discovered after that date will never be fixed. Running outdated OpenSSL is like leaving your front door unlocked—attackers know exactly where to find the vulnerabilities and how to exploit them.
98 CVEs found. The most critical are explained below.
OpenSSL has a bug where it tries to free the same memory twice when processing certain encryption keys. This happens automatically when your server handles these malformed keys. Attackers can exploit this by sending specially crafted encryption keys to your server.
Impact: Your website could crash or become unstable. In worst cases, attackers might gain control of your server or access sensitive data.
OpenSSL miscalculates how long certain text strings are when processing data. When very long strings are sent to your server, this calculation fails. Attackers can send oversized strings to trigger the vulnerability.
Impact: Your server could crash or become unstable. Attackers might read sensitive information from your server's memory.
OpenSSL doesn't properly check if it successfully allocated memory when processing certain data. If memory allocation fails silently, the software writes data to wrong memory locations. Remote attackers can trigger this condition.
Impact: Your server could crash, consume excessive memory, or be compromised. Data could be corrupted or stolen.
OpenSSL has a flaw in how it reads certain encrypted data formats (ASN.1). A crafted data input can cause the software to write data before allocated memory boundaries. This is a sophisticated but critical vulnerability.
Impact: Attackers could execute malicious code on your server, crash it, or access confidential information like encryption keys and customer data.
OpenSSL uses incorrect math when checking memory boundaries for data processing. This mathematical error can be bypassed by attackers sending specific data patterns. The vulnerability relates to how the server handles incoming encrypted connections.
Impact: Your server could crash. Attackers might bypass security checks and access unencrypted data or execute malicious code.
Vasion Print Virtual Appliance and older macOS/Linux clients use OpenSSL 1.0.2h from May 2016, which stopped receiving security updates in 2019. These versions contain all the critical vulnerabilities listed above. Your organization is running software that no longer receives protection.
Impact: All the vulnerabilities above apply to your system simultaneously with no vendor support. Your printing infrastructure is highly vulnerable to attacks and data breaches.
| CVE ID | Severity | Score | Published | Description |
|---|---|---|---|---|
| CVE-2020-7043 | CRITICAL | 9.1 | 2020-02-27 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' ch… |
| CVE-2025-15467 | HIGH | 8.8 | 2026-01-27 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer… |
| CVE-2016-2176 | HIGH | 8.2 | 2016-05-05 | The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stac… |
| CVE-2019-12572 | HIGH | 7.8 | 2019-06-21 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary co… |
| CVE-2015-1789 | HIGH | 7.5 | 2015-06-12 | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause … |
| CVE-2015-3193 | HIGH | 7.5 | 2015-12-06 | The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry… |
| CVE-2015-3194 | HIGH | 7.5 | 2015-12-06 | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)… |
| CVE-2016-0797 | HIGH | 7.5 | 2016-03-03 | Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer deref… |
| CVE-2016-0798 | HIGH | 7.5 | 2016-03-03 | Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consump… |
| CVE-2016-2105 | HIGH | 7.5 | 2016-05-05 | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (hea… |
| CVE-2016-2106 | HIGH | 7.5 | 2016-05-05 | Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (h… |
| CVE-2016-2109 | HIGH | 7.5 | 2016-05-05 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial… |
| CVE-2016-2180 | HIGH | 7.5 | 2016-08-01 | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attacke… |
| CVE-2016-6304 | HIGH | 7.5 | 2016-09-26 | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) v… |
| CVE-2016-7052 | HIGH | 7.5 | 2016-09-26 | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. |
| CVE-2017-3731 | HIGH | 7.5 | 2017-05-04 | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bound… |
| CVE-2016-8610 | HIGH | 7.5 | 2017-11-13 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection… |
| CVE-2018-0732 | HIGH | 7.5 | 2018-06-12 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an … |
| CVE-2021-23840 | HIGH | 7.5 | 2021-02-16 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible… |
| CVE-2022-0778 | HIGH | 7.5 | 2022-03-15 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when pars… |
| CVE-2025-69420 | HIGH | 7.5 | 2026-01-27 | Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, cau… |
| CVE-2025-69421 | HIGH | 7.5 | 2026-01-27 | Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference… |
| CVE-2021-3450 | HIGH | 7.4 | 2021-03-25 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1… |
| CVE-2021-3712 | HIGH | 7.4 | 2021-08-24 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This con… |
| CVE-2025-69419 | HIGH | 7.4 | 2026-01-27 | Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can t… |
| CVE-2022-1292 | HIGH | 7.3 | 2022-05-03 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is auto… |
| CVE-2022-2068 | HIGH | 7.3 | 2022-06-21 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to… |
| CVE-2015-0209 | MEDIUM | 6.8 | 2015-03-19 | Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a m… |
| CVE-2015-1791 | MEDIUM | 6.8 | 2015-06-12 | Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used… |
| CVE-2015-1793 | MEDIUM | 6.5 | 2015-07-09 | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identifica… |
| CVE-2017-3736 | MEDIUM | 6.5 | 2017-11-02 | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests tha… |
| CVE-2018-0739 | MEDIUM | 6.5 | 2018-03-27 | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could re… |
| CVE-2023-2650 | MEDIUM | 6.5 | 2023-05-30 | Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, … |
| CVE-2025-4575 | MEDIUM | 6.5 | 2025-05-22 | Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to mak… |
| CVE-2026-2673 | MEDIUM | 6.5 | 2026-03-13 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using th… |
| CVE-2025-11187 | MEDIUM | 6.1 | 2026-01-27 | Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC ve… |
| CVE-2015-3197 | MEDIUM | 5.9 | 2016-02-15 | ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryp… |
| CVE-2016-0800 | MEDIUM | 5.9 | 2016-03-01 | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client… |
| CVE-2016-0703 | MEDIUM | 5.9 | 2016-03-02 | The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a … |
| CVE-2016-0704 | MEDIUM | 5.9 | 2016-03-02 | An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, … |
| CVE-2016-2107 | MEDIUM | 5.9 | 2016-05-05 | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obt… |
| CVE-2016-6306 | MEDIUM | 5.9 | 2016-09-26 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate oper… |
| CVE-2017-3732 | MEDIUM | 5.9 | 2017-05-04 | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis sugges… |
| CVE-2016-7055 | MEDIUM | 5.9 | 2017-05-04 | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, bu… |
| CVE-2017-3737 | MEDIUM | 5.9 | 2017-12-07 | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into t… |
| CVE-2017-3738 | MEDIUM | 5.9 | 2017-12-07 | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks… |
| CVE-2018-0737 | MEDIUM | 5.9 | 2018-04-16 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks du… |
| CVE-2018-0734 | MEDIUM | 5.9 | 2018-10-30 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the priva… |
| CVE-2019-1559 | MEDIUM | 5.9 | 2019-02-27 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently… |
| CVE-2020-1971 | MEDIUM | 5.9 | 2020-12-08 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_… |
| CVE-2021-23841 | MEDIUM | 5.9 | 2021-02-16 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificat… |
| CVE-2021-3449 | MEDIUM | 5.9 | 2021-03-25 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithm… |
| CVE-2021-4160 | MEDIUM | 5.9 | 2022-01-28 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyze… |
| CVE-2024-2511 | MEDIUM | 5.9 | 2024-04-08 | Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain serve… |
| CVE-2025-15468 | MEDIUM | 5.9 | 2026-01-27 | Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs… |
| CVE-2025-66199 | MEDIUM | 5.9 | 2026-01-27 | Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate… |
| CVE-2016-2178 | MEDIUM | 5.5 | 2016-06-20 | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users … |
| CVE-2023-33202 | MEDIUM | 5.5 | 2023-11-23 | Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL … |
| CVE-2025-15469 | MEDIUM | 5.5 | 2026-01-27 | Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact s… |
| CVE-2026-22795 | MEDIUM | 5.5 | 2026-01-27 | Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS… |
| CVE-2015-3195 | MEDIUM | 5.3 | 2015-12-06 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors cause… |
| CVE-2017-3735 | MEDIUM | 5.3 | 2017-08-28 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. Th… |
| CVE-2019-1551 | MEDIUM | 5.3 | 2019-12-06 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks agai… |
| CVE-2020-7041 | MEDIUM | 5.3 | 2020-02-27 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is … |
| CVE-2020-7042 | MEDIUM | 5.3 | 2020-02-27 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitializ… |
| CVE-2026-22796 | MEDIUM | 5.3 | 2026-01-27 | Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the t… |
| CVE-2016-0702 | MEDIUM | 5.1 | 2016-03-03 | The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during … |
| CVE-2015-0207 | MEDIUM | 5.0 | 2015-03-19 | The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to … |
| CVE-2015-0286 | MEDIUM | 5.0 | 2015-03-19 | The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-t… |
| CVE-2015-0287 | MEDIUM | 5.0 | 2015-03-19 | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE a… |
| CVE-2015-0288 | MEDIUM | 5.0 | 2015-03-19 | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause… |
| CVE-2015-0289 | MEDIUM | 5.0 | 2015-03-19 | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which … |
| CVE-2015-0290 | MEDIUM | 5.0 | 2015-03-19 | The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain no… |
| CVE-2015-0291 | MEDIUM | 5.0 | 2015-03-19 | The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an … |
| CVE-2015-0293 | MEDIUM | 5.0 | 2015-03-19 | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.… |
| CVE-2015-1790 | MEDIUM | 5.0 | 2015-06-12 | The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cau… |
| CVE-2015-1792 | MEDIUM | 5.0 | 2015-06-12 | The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a… |
| CVE-2015-1794 | MEDIUM | 5.0 | 2015-12-06 | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an… |
| CVE-2019-1547 | MEDIUM | 4.7 | 2019-09-10 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group us… |
| CVE-2025-68160 | MEDIUM | 4.7 | 2026-01-27 | Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds wr… |
| CVE-2013-6449 | MEDIUM | 4.3 | 2013-12-23 | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a… |
| CVE-2015-0208 | MEDIUM | 4.3 | 2015-03-19 | The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial … |
| CVE-2015-0285 | MEDIUM | 4.3 | 2015-03-19 | The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for re… |
| CVE-2015-1788 | MEDIUM | 4.3 | 2015-06-12 | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParamete… |
| CVE-2015-3196 | MEDIUM | 4.3 | 2015-12-06 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect dat… |
| CVE-2025-69418 | MEDIUM | 4.0 | 2026-01-27 | Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave th… |
| CVE-2016-0701 | LOW | 3.7 | 2016-02-15 | The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which… |
| CVE-2019-1563 | LOW | 3.7 | 2019-09-10 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be … |
| CVE-2020-1968 | LOW | 3.7 | 2020-09-09 | The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellm… |
| CVE-2021-23839 | LOW | 3.7 | 2021-02-16 | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is m… |
| CVE-2019-1552 | LOW | 3.3 | 2019-07-30 | OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly ref… |
| CVE-2015-1787 | LOW | 2.6 | 2015-03-19 | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows r… |
OpenSSL 1.0.2's 98 vulnerabilities represent a serious security risk that extends beyond your website to your visitors' data and privacy. The 7 critical-severity flaws documented in this article could allow attackers to execute code on your server, crash your site, or steal encryption keys. With over 5,210 websites still running this outdated version, attackers have plenty of targets—don't let yours be one of them.
Upgrading OpenSSL is one of the most important security investments you can make today. SiteRecipe.com makes this process simple with our comprehensive vulnerability scanning and remediation guidance. Visit SiteRecipe.com now to scan your website for vulnerable OpenSSL versions, get personalized upgrade recommendations, and join thousands of websites protecting their users from these critical threats. Your website security—and your users' trust—depends on it.