x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
References
Link | Resource |
---|---|
https://github.com/libressl-portable/openbsd/issues/126 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-24T02:12:33
Updated: 2021-09-24T02:12:33
Reserved: 2021-09-24T00:00:00
Link: CVE-2021-41581
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-24T03:15:06.567
Modified: 2021-09-29T21:35:54.177
Link: CVE-2021-41581
JSON object: View
Redhat Information
No data.
CWE