The int_x509_param_set_hosts function in LibreSSL 2.7.0 before 2.7.1 allows man-in-the-middle attacks via crafted certificate
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
NVD | CVE-2018-8970 | 24 Mar 201821:29 | – | nvd |
Prion | Design/Logic Flaw | 24 Mar 201821:29 | – | prion |
Hacker One | Internet Bug Bounty: Silent omission of certificate hostname verification in LibreSSL and BoringSSL | 25 Mar 201812:36 | – | hackerone |
CVE | CVE-2018-8970 | 24 Mar 201821:29 | – | cve |
OSV | libcrypto46-3.3.4-1.2 on GA media | 15 Jun 202400:00 | – | osv |
Tenable Nessus | openSUSE Security Update : libressl (openSUSE-2018-953) | 4 Sep 201800:00 | – | nessus |
SUSE Linux | Security update for libressl (moderate) | 4 Sep 201800:07 | – | suse |
OpenVAS | openSUSE: Security Advisory for libressl (openSUSE-SU-2018:2597-1) | 4 Sep 201800:00 | – | openvas |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo