Libressl Security Vulnerabilities and Issues — Libressl CVE List

Lucene search

OpenbsdLibressl

3 matches found

CVE•added 2017/04/27 5:59 p.m.•62 views

CVE-2017-8301

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

5.3CVSS5.2AI score0.00207EPSS

CVE•added 2023/04/12 5:15 a.m.•58 views

CVE-2022-48437

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installe...

5.3CVSS5.2AI score0.00071EPSS

CVE•added 2021/09/24 3:15 a.m.•38 views

CVE-2021-41581

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.

5.5CVSS5.5AI score0.00304EPSS