Memory leak in the OBJ_obj2txt function in LibreSSL prior to 2.3.1 allows remote malicious users to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd libressl |
||
opensuse opensuse 13.2 |
Code review: it works
Updated Code reviewers looking over a mail daemon have turned up a couple of reasonably serious bugs in the Libre SSL code base – and along the way provided a handy illustration of the deep interdependencies between software. What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate. The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is fea...