7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security (TLS) protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Internet servers. openSSL suffers from a denial-of-service vulnerability that could be exploited by an attacker to craft a certificate containing a malicious email address to overflow containing “.” to cause a service crash.
CPE | Name | Operator | Version |
---|---|---|---|
OpenSSL OpenSSL 3.*, | lt | 3.0.7 |