Safeguard
Tag

openssl

Safeguard articles tagged "openssl" — guides, analysis, and best practices for software supply chain and application security.

17 articles

Vulnerability Management

Inside the OpenSSL punycode bug: why CVE-2022-3602 wasn't Heartbleed

OpenSSL pre-announced a 'critical' flaw in October 2022. It shipped as HIGH severity. Here's the buffer overflow, the downgrade, and the safe patch path.

Jul 12, 20265 min read
Vulnerability Analysis

OpenSSL Punycode Overflow (CVE-2022-3602) Explained

CVE-2022-3602 was pre-announced as OpenSSL's next critical bug, then downgraded to high. Here is what the X.509 punycode buffer overflow actually does, why the panic cooled, and how to patch.

Jul 7, 20266 min read
Vulnerability Analysis

Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone

CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.

Jul 1, 20266 min read
Vulnerability Analysis

Heartbleed OpenSSL vulnerability retrospective

A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.

May 4, 20267 min read
Open Source Security

OpenSSL vs LibreSSL vs BoringSSL in 2026

A 2026 comparison of OpenSSL, LibreSSL, and BoringSSL on security posture, release cadence, FIPS posture, and which one to ship in which context.

Feb 26, 20265 min read
Vulnerability Analysis

What Was the Heartbleed Bug

A deep dive into CVE-2014-0160 (Heartbleed): the OpenSSL heartbeat flaw, its severity, exploitation timeline, and how to remediate it today.

Feb 12, 20269 min read
Vulnerability Response

CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response

OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.

Jan 28, 20267 min read
Vulnerability Analysis

Heartbleed OpenSSL memory disclosure (CVE-2014-0160)

Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.

Jan 19, 20268 min read
Vulnerability Analysis

OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)

A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.

Jan 13, 20265 min read
Vulnerability Analysis

OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)

CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.

Jan 10, 20267 min read
Secure Development

TLS Library Comparison: OpenSSL vs. LibreSSL vs. BoringSSL

Three forks of the same codebase, three different security philosophies. Here is how to choose the right TLS library for your project.

Sep 20, 20255 min read
Vulnerabilities

CVE-2023-4807: The OpenSSL POLY1305 Flaw on Windows

A cryptographic MAC that silently trashes CPU registers: why CVE-2023-4807 only bites Windows builds of OpenSSL, what it can actually do, and which releases fix it.

Feb 27, 20245 min read
openssl — Safeguard Blog