openssl 2.0.0.beta.2

3 security vulnerabilities found in version 2.0.0.beta.2

Incorrect value comparison in Ruby openssl

critical severity CVE-2018-16395
critical severity CVE-2018-16395
Patched versions: >= 2.1.2

An issue was discovered in the OpenSSL library in Ruby when two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Ruby OpenSSL DoS Vulnerability

high severity CVE-2017-14033
high severity CVE-2017-14033
Patched versions: > 2.0.0

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Incorrect handling of initialization vector in the GCM mode in OpenSSL

high severity CVE-2016-7798
high severity CVE-2016-7798
Patched versions: >= 2.0.0

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.