CVE-2021-41581
|
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. Published:
September 23, 2021; 11:15:06 PM -0400
|
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
|
CVE-2015-5333
|
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. Published:
January 23, 2020; 4:15:12 PM -0500
|
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
|
CVE-2015-5334
|
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. Published:
January 23, 2020; 3:15:12 PM -0500
|
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
|
CVE-2018-12434
|
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Published:
June 14, 2018; 10:29:00 PM -0400
|
V3.0: 4.7 MEDIUM
V2.0: 1.9 LOW
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
