openssl
Safeguard articles tagged "openssl" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Inside the OpenSSL punycode bug: why CVE-2022-3602 wasn't Heartbleed
OpenSSL pre-announced a 'critical' flaw in October 2022. It shipped as HIGH severity. Here's the buffer overflow, the downgrade, and the safe patch path.
OpenSSL Punycode Overflow (CVE-2022-3602) Explained
CVE-2022-3602 was pre-announced as OpenSSL's next critical bug, then downgraded to high. Here is what the X.509 punycode buffer overflow actually does, why the panic cooled, and how to patch.
Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone
CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.
Heartbleed OpenSSL vulnerability retrospective
A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.
OpenSSL vs LibreSSL vs BoringSSL in 2026
A 2026 comparison of OpenSSL, LibreSSL, and BoringSSL on security posture, release cadence, FIPS posture, and which one to ship in which context.
What Was the Heartbleed Bug
A deep dive into CVE-2014-0160 (Heartbleed): the OpenSSL heartbeat flaw, its severity, exploitation timeline, and how to remediate it today.
CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response
OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.
Heartbleed OpenSSL memory disclosure (CVE-2014-0160)
Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.
OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)
A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.
OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)
CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.
TLS Library Comparison: OpenSSL vs. LibreSSL vs. BoringSSL
Three forks of the same codebase, three different security philosophies. Here is how to choose the right TLS library for your project.
CVE-2023-4807: The OpenSSL POLY1305 Flaw on Windows
A cryptographic MAC that silently trashes CPU registers: why CVE-2023-4807 only bites Windows builds of OpenSSL, what it can actually do, and which releases fix it.