All openssl CVEs — Complete Vulnerability History
The Rust openssl crate wraps OpenSSL via FFI. When OpenSSL has a CVE, this crate inherits it. CVE-2023-0286 is CRITICAL and on CISA KEV.
Rust
4 CVEs total
1 CRITICAL
🔴 CISA KEV
Full CVE history
🔴 1 CVE on CISA KEV — actively exploited in real attacks
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2022-0778 | 2022 | HIGH | Infinite loop in BN_mod_sqrt — affects cert parsing | Fixed 0.10.40 |
| CVE-2022-3786 | 2022 | HIGH | Buffer overflow in X.509 cert verification | Fixed 0.10.43 |
| CVE-2022-3602 | 2022 | HIGH | Buffer overflow in X.509 cert verification (variant) | Fixed 0.10.43 |
| CVE-2023-0286 | 2023 | 🔴CRITICAL | X.400 type confusion — CISA KEV | Fixed 0.10.48 |
Current safe version: 0.10.66
```toml
# Before
openssl = "0.10.30"
# After
openssl = "0.10.66"
```
Then run: cargo update
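The version that is actually built is the one resolved in Cargo.lock, not the requirement in Cargo.toml (`"0.10.30"` is a caret requirement and can resolve to any later 0.10.x). The following is an added example, not PackageFix's or the openssl crate's own code: it reads the resolved `openssl` version from a lock file and lists the CVEs from the table above whose fix version it predates. The lock-file contents are constructed sample data and the function names are hypothetical.

```rust
// Added example: std only; SAMPLE_LOCK is constructed data.
// (CVE, first fixed crate version), copied from the table on this page.
const FIXES: [(&str, (u32, u32, u32)); 4] = [
    ("CVE-2022-0778", (0, 10, 40)),
    ("CVE-2022-3786", (0, 10, 43)),
    ("CVE-2022-3602", (0, 10, 43)),
    ("CVE-2023-0286", (0, 10, 48)),
];

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
fn parse_version(s: &str) -> Option<(u32, u32, u32)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u32>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

// Every resolved version of the `openssl` package in a Cargo.lock.
// The exact name match skips openssl-sys and openssl-macros.
fn locked_openssl_versions(lock: &str) -> Vec<(u32, u32, u32)> {
    let (mut found, mut in_openssl) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line.starts_with("[[") {
            in_openssl = false;
        } else if line == "name = \"openssl\"" {
            in_openssl = true;
        } else if let (true, Some(v)) = (in_openssl, line.strip_prefix("version = ")) {
            found.extend(parse_version(v.trim_matches('"')));
        }
    }
    found
}

// CVEs from FIXES whose fix version is newer than `v`.
fn open_cves(v: (u32, u32, u32)) -> Vec<&'static str> {
    FIXES.iter().filter(|(_, fixed)| v < *fixed).map(|(id, _)| *id).collect()
}

const SAMPLE_LOCK: &str = "[[package]]\nname = \"openssl\"\nversion = \"0.10.45\"\n\n\
[[package]]\nname = \"openssl-sys\"\nversion = \"0.9.80\"\n";

fn main() {
    for v in locked_openssl_versions(SAMPLE_LOCK) {
        println!("openssl {}.{}.{}: unfixed {:?}", v.0, v.1, v.2, open_cves(v));
    }
}
```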
Common questions
Should I use rustls instead of openssl?
rustls is a pure-Rust TLS implementation with no C dependencies — it's memory-safe by default and doesn't inherit OpenSSL CVEs. For new projects, rustls is recommended. reqwest supports both via feature flags.
Does openssl = "0.10.66" automatically use the latest OpenSSL?
The openssl crate links to the system OpenSSL. The crate version and the OpenSSL version are separate. Keep both updated — the crate version and your system's OpenSSL library.