UBUNTU-CVE-2026-28388
- Source
- https://ubuntu.com/security/CVE-2026-28388
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-28388.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-28388
- Upstream
- Downstream
- Related
- Published
- 2026-04-07T00:00:00Z
- Modified
- 2026-04-14T11:02:50.051793Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509VFLAGUSEDELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
- References
Affected packages
Ubuntu:20.04:LTS
edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.6?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20190606.*
0~20190606.20d2e5a1-2ubuntu1
0~20190828.*
0~20190828.37eef910-3
0~20190828.37eef910-4
0~20191122.*
0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
0~20191122.bd85bf54-2ubuntu3.5
0~20191122.bd85bf54-2ubuntu3.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "0~20191122.bd85bf54-2ubuntu3.6",
"binary_name": "ovmf"
},
{
"binary_version": "0~20191122.bd85bf54-2ubuntu3.6",
"binary_name": "qemu-efi"
},
{
"binary_version": "0~20191122.bd85bf54-2ubuntu3.6",
"binary_name": "qemu-efi-aarch64"
},
{
"binary_version": "0~20191122.bd85bf54-2ubuntu3.6",
"binary_name": "qemu-efi-arm"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:22.04:LTS
edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2022.02-3ubuntu0.22.04.5?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2021.*
2021.08~rc0-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2
2022.*
2022.02~rc1-1
2022.02~rc1-1ubuntu1
2022.02-1
2022.02-2
2022.02-3
2022.02-3ubuntu0.22.04.1
2022.02-3ubuntu0.22.04.2
2022.02-3ubuntu0.22.04.3
2022.02-3ubuntu0.22.04.4
2022.02-3ubuntu0.22.04.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2022.02-3ubuntu0.22.04.5",
"binary_name": "ovmf"
},
{
"binary_version": "2022.02-3ubuntu0.22.04.5",
"binary_name": "ovmf-ia32"
},
{
"binary_version": "2022.02-3ubuntu0.22.04.5",
"binary_name": "qemu-efi"
},
{
"binary_version": "2022.02-3ubuntu0.22.04.5",
"binary_name": "qemu-efi-aarch64"
},
{
"binary_version": "2022.02-3ubuntu0.22.04.5",
"binary_name": "qemu-efi-arm"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.23?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.2-0ubuntu1.23
Affected versions
1.*
1.1.1l-1ubuntu1
3.*
3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5
3.0.2-0ubuntu1.6
3.0.2-0ubuntu1.7
3.0.2-0ubuntu1.8
3.0.2-0ubuntu1.9
3.0.2-0ubuntu1.10
3.0.2-0ubuntu1.12
3.0.2-0ubuntu1.13
3.0.2-0ubuntu1.14
3.0.2-0ubuntu1.15
3.0.2-0ubuntu1.16
3.0.2-0ubuntu1.17
3.0.2-0ubuntu1.18
3.0.2-0ubuntu1.19
3.0.2-0ubuntu1.20
3.0.2-0ubuntu1.21
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.2-0ubuntu1.23",
"binary_name": "libssl-dev"
},
{
"binary_version": "3.0.2-0ubuntu1.23",
"binary_name": "libssl3"
},
{
"binary_version": "3.0.2-0ubuntu1.23",
"binary_name": "openssl"
}
],
"availability": "No subscription required",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:24.04:LTS
edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2024.02-2ubuntu0.7?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2023.*
2023.05-2
2023.11-2
2023.11-3
2023.11-4
2023.11-5
2023.11-6
2023.11-8
2024.*
2024.02-1
2024.02-2
2024.02-2ubuntu0.1
2024.02-2ubuntu0.3
2024.02-2ubuntu0.4
2024.02-2ubuntu0.5
2024.02-2ubuntu0.6
2024.02-2ubuntu0.7
Ecosystem specific
{
"binaries": [
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "efi-shell-aa64"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "efi-shell-arm"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "efi-shell-ia32"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "efi-shell-riscv64"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "efi-shell-x64"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "ovmf"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "ovmf-ia32"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "qemu-efi-aarch64"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "qemu-efi-arm"
},
{
"binary_version": "2024.02-2ubuntu0.7",
"binary_name": "qemu-efi-riscv64"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.9?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.13-0ubuntu3.9
Affected versions
3.*
3.0.10-1ubuntu2
3.0.10-1ubuntu2.1
3.0.10-1ubuntu3
3.0.10-1ubuntu4
3.0.13-0ubuntu2
3.0.13-0ubuntu3
3.0.13-0ubuntu3.1
3.0.13-0ubuntu3.2
3.0.13-0ubuntu3.3
3.0.13-0ubuntu3.4
3.0.13-0ubuntu3.5
3.0.13-0ubuntu3.6
3.0.13-0ubuntu3.7
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.13-0ubuntu3.9",
"binary_name": "libssl-dev"
},
{
"binary_version": "3.0.13-0ubuntu3.9",
"binary_name": "libssl3t64"
},
{
"binary_version": "3.0.13-0ubuntu3.9",
"binary_name": "openssl"
}
],
"availability": "No subscription required",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:25.10
edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2025.02-8ubuntu3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2025.*
2025.02-3ubuntu2
2025.02-8
2025.02-8ubuntu1
2025.02-8ubuntu2
2025.02-8ubuntu3
Ecosystem specific
{
"binaries": [
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-aa64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-arm"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-ia32"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-loongarch64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-riscv64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "efi-shell-x64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "ovmf"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "ovmf-ia32"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "ovmf-inteltdx"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "qemu-efi-aarch64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "qemu-efi-arm"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "qemu-efi-loongarch64"
},
{
"binary_version": "2025.02-8ubuntu3",
"binary_name": "qemu-efi-riscv64"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.5.3-1ubuntu3.3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.3-1ubuntu3.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.5.3-1ubuntu3.3",
"binary_name": "libssl-dev"
},
{
"binary_version": "3.5.3-1ubuntu3.3",
"binary_name": "libssl3t64"
},
{
"binary_version": "3.5.3-1ubuntu3.3",
"binary_name": "openssl"
},
{
"binary_version": "3.5.3-1ubuntu3.3",
"binary_name": "openssl-provider-legacy"
}
],
"availability": "No subscription required",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:14.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.27+esm13?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1f-1ubuntu2.27+esm13
Affected versions
1.*
1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5
1.0.1f-1ubuntu2.27+esm6
1.0.1f-1ubuntu2.27+esm7
1.0.1f-1ubuntu2.27+esm9
1.0.1f-1ubuntu2.27+esm10
1.0.1f-1ubuntu2.27+esm11
1.0.1f-1ubuntu2.27+esm12
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.1f-1ubuntu2.27+esm13",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.1f-1ubuntu2.27+esm13",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.1f-1ubuntu2.27+esm13",
"binary_name": "openssl"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:16.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.20+esm15?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2g-1ubuntu4.20+esm15
Affected versions
1.*
1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2
1.0.2g-1ubuntu4.20+esm3
1.0.2g-1ubuntu4.20+esm4
1.0.2g-1ubuntu4.20+esm5
1.0.2g-1ubuntu4.20+esm6
1.0.2g-1ubuntu4.20+esm7
1.0.2g-1ubuntu4.20+esm9
1.0.2g-1ubuntu4.20+esm10
1.0.2g-1ubuntu4.20+esm11
1.0.2g-1ubuntu4.20+esm12
1.0.2g-1ubuntu4.20+esm13
1.0.2g-1ubuntu4.20+esm14
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.2g-1ubuntu4.20+esm15",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.2g-1ubuntu4.20+esm15",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.2g-1ubuntu4.20+esm15",
"binary_name": "openssl"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@0~20160408.ffea0a2c-2ubuntu0.2+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20150106.*
0~20150106.5c2d456b-2
0~20160104.*
0~20160104.c2a892d7-1
0~20160408.*
0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1
0~20160408.ffea0a2c-2ubuntu0.2+esm3
nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.10.25~dfsg2-2ubuntu1
4.*
4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
4.2.6~dfsg-1ubuntu4.2+esm1
4.2.6~dfsg-1ubuntu4.2+esm2
4.2.6~dfsg-1ubuntu4.2+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3",
"binary_name": "nodejs"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3",
"binary_name": "nodejs-dev"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm3",
"binary_name": "nodejs-legacy"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:18.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.23+esm8?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1-1ubuntu2.1~18.04.23+esm8
Affected versions
1.*
1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19
1.1.1-1ubuntu2.1~18.04.20
1.1.1-1ubuntu2.1~18.04.21
1.1.1-1ubuntu2.1~18.04.22
1.1.1-1ubuntu2.1~18.04.23
1.1.1-1ubuntu2.1~18.04.23+esm1
1.1.1-1ubuntu2.1~18.04.23+esm3
1.1.1-1ubuntu2.1~18.04.23+esm4
1.1.1-1ubuntu2.1~18.04.23+esm5
1.1.1-1ubuntu2.1~18.04.23+esm6
1.1.1-1ubuntu2.1~18.04.23+esm7
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm8",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm8",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1-1ubuntu2.1~18.04.23+esm8",
"binary_name": "openssl"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl1.0
Package
- Name
- openssl1.0
- Purl
- pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.13+esm4?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2n-1ubuntu5.13+esm4
Affected versions
1.*
1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8
1.0.2n-1ubuntu5.9
1.0.2n-1ubuntu5.10
1.0.2n-1ubuntu5.11
1.0.2n-1ubuntu5.12
1.0.2n-1ubuntu5.13
1.0.2n-1ubuntu5.13+esm1
1.0.2n-1ubuntu5.13+esm2
1.0.2n-1ubuntu5.13+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.2n-1ubuntu5.13+esm4",
"binary_name": "libssl1.0-dev"
},
{
"binary_version": "1.0.2n-1ubuntu5.13+esm4",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.2n-1ubuntu5.13+esm4",
"binary_name": "openssl1.0"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@0~20180205.c0d9813c-2ubuntu0.3+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20170911.*
0~20170911.5dfba97c-1
0~20171010.*
0~20171010.234dbcef-1
0~20171027.*
0~20171027.76fd5a66-1
0~20171205.*
0~20171205.a9212288-1
0~20180105.*
0~20180105.0bc94c74-1
0~20180205.*
0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
0~20180205.c0d9813c-2ubuntu0.3+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2",
"binary_name": "ovmf"
},
{
"binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2",
"binary_name": "qemu-efi"
},
{
"binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2",
"binary_name": "qemu-efi-aarch64"
},
{
"binary_version": "0~20180205.c0d9813c-2ubuntu0.3+esm2",
"binary_name": "qemu-efi-arm"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2
8.*
8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2
8.10.0~dfsg-2ubuntu0.4+esm3
8.10.0~dfsg-2ubuntu0.4+esm4
8.10.0~dfsg-2ubuntu0.4+esm5
8.10.0~dfsg-2ubuntu0.4+esm6
Ubuntu:Pro:20.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.24+esm3?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1f-1ubuntu2.24+esm3
Affected versions
1.*
1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15
1.1.1f-1ubuntu2.16
1.1.1f-1ubuntu2.17
1.1.1f-1ubuntu2.18
1.1.1f-1ubuntu2.19
1.1.1f-1ubuntu2.20
1.1.1f-1ubuntu2.21
1.1.1f-1ubuntu2.22
1.1.1f-1ubuntu2.23
1.1.1f-1ubuntu2.24
1.1.1f-1ubuntu2.24+esm1
1.1.1f-1ubuntu2.24+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1f-1ubuntu2.24+esm3",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1f-1ubuntu2.24+esm3",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1f-1ubuntu2.24+esm3",
"binary_name": "openssl"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:22.04:LTS
nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6+esm2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
12.*
12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2
12.22.9~dfsg-1ubuntu3.3
12.22.9~dfsg-1ubuntu3.4
12.22.9~dfsg-1ubuntu3.5
12.22.9~dfsg-1ubuntu3.6
12.22.9~dfsg-1ubuntu3.6+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2",
"binary_name": "libnode-dev"
},
{
"binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2",
"binary_name": "libnode72"
},
{
"binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2",
"binary_name": "nodejs"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS-preview:22.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.12+Fips1?arch=source&distro=fips-preview/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.2-0ubuntu1.12+Fips1",
"binary_name": "libssl-dev"
},
{
"binary_version": "3.0.2-0ubuntu1.12+Fips1",
"binary_name": "libssl3"
},
{
"binary_version": "3.0.2-0ubuntu1.12+Fips1",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl-fips
Package
- Name
- openssl-fips
- Purl
- pkg:deb/ubuntu/openssl-fips@3.0.5-0ubuntu0.1+Fips2.1?arch=source&distro=fips-preview/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:FIPS-updates:18.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.23.7?arch=source&distro=fips-updates/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.1.1-1ubuntu2.fips.2.1~18.04.5.1
1.1.1-1ubuntu2.fips.2.1~18.04.6.1
1.1.1-1ubuntu2.fips.2.1~18.04.7.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.2
1.1.1-1ubuntu2.fips.2.1~18.04.9.3
1.1.1-1ubuntu2.fips.2.1~18.04.13.2
1.1.1-1ubuntu2.fips.2.1~18.04.15
1.1.1-1ubuntu2.fips.2.1~18.04.15.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2
1.1.1-1ubuntu2.fips.2.1~18.04.17
1.1.1-1ubuntu2.fips.2.1~18.04.20
1.1.1-1ubuntu2.fips.2.1~18.04.21
1.1.1-1ubuntu2.fips.2.1~18.04.22
1.1.1-1ubuntu2.fips.2.1~18.04.23
1.1.1-1ubuntu2.fips.2.1~18.04.23.3
1.1.1-1ubuntu2.fips.2.1~18.04.23.4
1.1.1-1ubuntu2.fips.2.1~18.04.23.5
1.1.1-1ubuntu2.fips.2.1~18.04.23.6
1.1.1-1ubuntu2.fips.2.1~18.04.23.7
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.7",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.7",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.7",
"binary_name": "libssl1.1-hmac"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.23.7",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS-updates:20.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.24.2?arch=source&distro=fips-updates/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.1.1f-1ubuntu2.fips.7
1.1.1f-1ubuntu2.fips.7.2
1.1.1f-1ubuntu2.fips.12
1.1.1f-1ubuntu2.fips.13
1.1.1f-1ubuntu2.fips.13.1
1.1.1f-1ubuntu2.fips.16
1.1.1f-1ubuntu2.fips.17
1.1.1f-1ubuntu2.fips.18
1.1.1f-1ubuntu2.fips.19
1.1.1f-1ubuntu2.fips.20
1.1.1f-1ubuntu2.fips.21
1.1.1f-1ubuntu2.fips.22
1.1.1f-1ubuntu2.fips.24
1.1.1f-1ubuntu2.fips.24.1
1.1.1f-1ubuntu2.fips.24.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1f-1ubuntu2.fips.24.2",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.24.2",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.24.2",
"binary_name": "libssl1.1-hmac"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.24.2",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS-updates:22.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.21+Fips1?arch=source&distro=fips-updates/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.2-0ubuntu1.10+Fips1
3.0.2-0ubuntu1.12+Fips1
3.0.2-0ubuntu1.14+Fips1
3.0.2-0ubuntu1.15+Fips1
3.0.2-0ubuntu1.16+Fips1
3.0.2-0ubuntu1.17+Fips1
3.0.2-0ubuntu1.18+Fips1
3.0.2-0ubuntu1.19+Fips1
3.0.2-0ubuntu1.20+Fips1
3.0.2-0ubuntu1.21+Fips1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.2-0ubuntu1.21+Fips1",
"binary_name": "libssl-dev"
},
{
"binary_version": "3.0.2-0ubuntu1.21+Fips1",
"binary_name": "libssl3"
},
{
"binary_version": "3.0.2-0ubuntu1.21+Fips1",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl-fips
Package
- Name
- openssl-fips
- Purl
- pkg:deb/ubuntu/openssl-fips@3.0.5-0ubuntu0.2+Fips1?arch=source&distro=fips-updates/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.5-0ubuntu0.2+Fips1",
"binary_name": "openssl-fips-module-3"
},
{
"binary_version": "3.0.5-0ubuntu0.2+Fips1",
"binary_name": "openssl-fips-module-3-dev"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS-updates:24.04:LTS
openssl-fips
Package
- Name
- openssl-fips
- Purl
- pkg:deb/ubuntu/openssl-fips@3.0.13-0ubuntu3.6+Fips1?arch=source&distro=fips-updates/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:FIPS:16.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.20.14?arch=source&distro=fips-updates/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.2g-1ubuntu4.fips.4.9.1
1.0.2g-1ubuntu4.fips.4.13.1
1.0.2g-1ubuntu4.fips.4.15.1
1.0.2g-1ubuntu4.fips.4.16.1
1.0.2g-1ubuntu4.fips.4.17.1
1.0.2g-1ubuntu4.fips.4.18.1
1.0.2g-1ubuntu4.fips.4.19.3
1.0.2g-1ubuntu4.fips.4.20.1
1.0.2g-1ubuntu4.fips.4.20.2
1.0.2g-1ubuntu4.fips.4.20.3
1.0.2g-1ubuntu4.fips.4.20.6
1.0.2g-1ubuntu4.fips.4.20.7
1.0.2g-1ubuntu4.fips.4.20.9
1.0.2g-1ubuntu4.fips.4.20.10
1.0.2g-1ubuntu4.fips.4.20.11
1.0.2g-1ubuntu4.fips.4.20.12
1.0.2g-1ubuntu4.fips.4.20.13
1.0.2g-1ubuntu4.fips.4.20.14
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.20.14",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.20.14",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.20.14",
"binary_name": "libssl1.0.0-hmac"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.20.14",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.fips.4.6.3?arch=source&distro=fips/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0.2g-1ubuntu4.fips.4.6~ppa1
1.0.2g-1ubuntu4.fips.4.6~ppa2
1.0.2g-1ubuntu4.fips.4.6~ppa3
1.0.2g-1ubuntu4.fips.4.6
1.0.2g-1ubuntu4.fips.4.6.1
1.0.2g-1ubuntu4.fips.4.6.2
1.0.2g-1ubuntu4.fips.4.6.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.6.3",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.6.3",
"binary_name": "libssl1.0.0"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.6.3",
"binary_name": "libssl1.0.0-hmac"
},
{
"binary_version": "1.0.2g-1ubuntu4.fips.4.6.3",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS:18.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.fips.2.1~18.04.15.2?arch=source&distro=fips/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2",
"binary_name": "libssl1.1-hmac"
},
{
"binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.15.2",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}Ubuntu:Pro:FIPS:20.04:LTS
openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.fips.7.1?arch=source&distro=fips/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.1f-1ubuntu2.fips.7.1",
"binary_name": "libssl-dev"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.7.1",
"binary_name": "libssl1.1"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.7.1",
"binary_name": "libssl1.1-hmac"
},
{
"binary_version": "1.1.1f-1ubuntu2.fips.7.1",
"binary_name": "openssl"
}
],
"priority_reason": "OpenSSL developers have rated this issue as being low severity"
}