CVE Coverage & Vulnerability Assessment

Comprehensive crypto library vulnerability detection powered by extensive CVE research

84+
Total CVEs Tracked
4
Crypto Libraries Covered
2020-2025
Coverage Period
Real-time
Assessment

🔍 What We Detect

Our vulnerability assessment system analyzes detected crypto libraries and cross-references them against a comprehensive database of known vulnerabilities. When crypto libraries are found in process memory, the scanner automatically:

  • Identifies the library name and version
  • Cross-references against our CVE database
  • Assigns risk levels (Critical, High, Medium, Low)
  • Provides specific CVE numbers and descriptions
  • Suggests fixed versions when available

🆕 Recent Updates

January 2025: Added latest CVE-2025-8885 and CVE-2025-8916 for BouncyCastle 1.77

December 2024: Comprehensive CVE-2024-12797 coverage for OpenSSL RFC7250 Raw Public Key vulnerabilities

📋 Assessment Process

1
Library Detection: Process memory scanning identifies crypto libraries and extracts version information
2
Version Analysis: Library name and version are parsed and normalized for accurate matching
3
CVE Lookup: Version is cross-referenced against our comprehensive vulnerability database
4
Risk Assessment: Vulnerabilities are categorized by severity with specific CVE details and remediation guidance
5
Reporting: Results are integrated into scan reports and dashboard analytics

🔐 OpenSSL Coverage (56 CVEs)

Comprehensive coverage from legacy 0.9.x through current 3.x versions, including critical vulnerabilities like Heartbleed and recent RFC7250 issues.

CVE-2014-0160
CRITICAL
Heartbleed SSL/TLS vulnerability allows memory disclosure
Affects: OpenSSL 1.0.1f | Fixed: 1.0.1g
CVE-2024-12797
HIGH
MitM attack on TLS using raw public keys
Affects: 3.4.0, 3.3.0, 3.2.0 | Fixed: 3.4.1/3.3.2/3.2.4
CVE-2022-3602
HIGH
X.509 email address buffer overflow vulnerabilities
Affects: 3.0.0-3.0.7 | Fixed: 3.0.7
CVE-2021-3711
MEDIUM
SM2 decryption buffer overflow
Affects: 3.0.0 | Fixed: 3.0.1

🛡️ BouncyCastle Coverage (12 CVEs)

Tracking vulnerabilities from version 1.50 through latest 1.78, including recent ASN.1 DoS and LDAP injection issues.

CVE-2025-8885
MEDIUM
Possible DoS in processing specially formed ASN.1 Object Identifiers
Affects: 1.77 | Fixed: 1.78
CVE-2025-8916
MEDIUM
ASN.1 excessive allocation vulnerabilities
Affects: 1.77 | Fixed: 1.78
CVE-2023-33201
MEDIUM
LDAP injection vulnerability
Affects: 1.70-1.73 | Fixed: 1.74
CVE-2020-26939
HIGH
OAEP padding oracle and ECDSA timing attacks
Affects: 1.50-1.65 | Fixed: 1.66

🔒 NSS Coverage (7 CVEs)

Mozilla NSS vulnerability tracking including critical signature verification and PKCS#1 timing attacks.

CVE-2021-43527
CRITICAL
Critical heap overflow in signature verification
Affects: <3.73 | Fixed: 3.73
CVE-2023-6135
MEDIUM
PKCS#1 timing side-channel vulnerability
Affects: <3.61 | Fixed: 3.61
CVE-2020-25648
MEDIUM
TLS 1.3 CCS message DoS vulnerability
Affects: <3.58 | Fixed: 3.58
CVE-2020-12403
MEDIUM
CHACHA20-POLY1305 out-of-bounds reads
Affects: <3.55 | Fixed: 3.55

🔐 GnuTLS Coverage (9 CVEs)

GNU TLS vulnerability database covering timing attacks, certificate validation, and session ticket issues.

CVE-2024-0553
MEDIUM
Timing attack and certificate validation issues
Affects: <3.8.1 | Fixed: 3.8.1
CVE-2023-5981
MEDIUM
RSA-PSK timing side-channel vulnerability
Affects: <3.7.9 | Fixed: 3.7.9
CVE-2020-24659
HIGH
TLS session ticket and DTLS crypto vulnerabilities
Affects: <3.6.15 | Fixed: 3.6.15
CVE-2014-3466
HIGH
Certificate verification bypass
Affects: 3.3.0 | Fixed: 3.3.5

📊 Dashboard Integration

Vulnerability assessment results are automatically integrated into Splunk dashboards with the following fields:

  • vulnerable: Boolean indicating if library has known vulnerabilities
  • risk_level: Critical, High, Medium, or Low risk classification
  • risk_reason: Human-readable explanation of the vulnerability
  • cve_list: Array of applicable CVE identifiers
  • fixed_in_version: Version where vulnerabilities are addressed
  • assessed_at: Timestamp of vulnerability assessment