Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
References
Link | Resource |
---|---|
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt | Release Notes Vendor Advisory |
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2015/Oct/75 | Exploit Mailing List Third Party Advisory |
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-01-23T19:56:11
Updated: 2020-01-23T19:56:11
Reserved: 2015-07-01T00:00:00
Link: CVE-2015-5334
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-23T20:15:12.027
Modified: 2020-01-30T15:22:39.227
Link: CVE-2015-5334
JSON object: View
Redhat Information
No data.
CWE