7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes all major cryptographic algorithms, commonly used keys, certificate wrapper management functions and SSL protocols, and provides rich applications for testing and other purposes. libssl implements the SSL v2/v3 and TLS v1 protocols. A memory error vulnerability exists in OpenSSL version 3.0.0. The vulnerability is due to a call to the X509_verify_cert() function by libssl to verify a server-provided certificate, which is incorrectly handled by OpenSSL. An attacker could exploit this vulnerability to cause a program to fail to run correctly, which could, for example, result in a crash, infinite loop, or other similar error response.
CPE | Name | Operator | Version |
---|---|---|---|
openssl project openssl | eq | 3.0.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P