OpenSSL Vulnerability Analysis
OpenSSL Vulnerability Analysis
I wrote a small script that downloads all vulnerabilities and their short description. Then I extract some keywords and try to cluster the vulnerabilities. This clustering is not really successfull (Some clusters are huge, some others are extremly small).
Statistics
However, we can extract some statistics about the vulnerabilities (134 in total):
- 6 integer {over,under}flows
- 11 memory corruptions
- 7 oracles
- 5 timing attacks
- 14 buffer over-flows/under-flows/over-reads
- 20 null pointer dereferences (!)
- 8 double-frees
- 2 free-after-uses
- 8 memory leaks
- 5 race conditions
(these categories are overlapping)
I skimmed the list and I guess that ~50 of these vulnerabilities would be solved if OpenSSL were implemented by Rust (null pointer dereferences, buffer overflows, …), so we would be left with this list.
That’s about one third of all vulnerabilities. Not bad.