This page aggregates publicly disclosed CVE and security risk information related to m2crypto_project, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-50781 | A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. | [email protected] | 7.5 | 0.44% | 2024-02-05 | 2026-05-12 |
| CVE-2020-25657 | A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. | [email protected] | 5.9 | 0.31% | 2021-01-12 | 2024-11-21 |