Vulnerability in OpenSSL (CVE-2014-3508)

2014-08-06T00:00:00
ID OPENSSL:CVE-2014-3508
Type openssl
Reporter OpenSSL
Modified 2014-08-06T00:00:00

Description

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex, to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. Reported by Ivan Fratric (Google).