China National Vulnerability DatabaseCNVD-2021-71263openssl buffer overflow vulnerability (CNVD-2021-71263)
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
OpenSSL is an open source general-purpose cryptographic library from the Openssl team capable of implementing the Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, etc. openssl suffers from a buffer overflow vulnerability that stems from the product’s assumption that the ASN.1 string uses NULL as a terminator. An attacker could launch an attack by crafting a non-NULL terminated string that could cause an application memory crash or an application crash.
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P