Libressl Security Vulnerabilities and Issues — Libressl CVE List

Lucene search

OpenbsdLibressl

5 matches found

CVE•added 2020/01/23 9:15 p.m.•91 views

CVE-2015-5333

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.

7.5CVSS7.9AI score0.02094EPSS

CVE•added 2021/07/01 3:15 a.m.•61 views

CVE-2019-25048

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

7.1CVSS6.9AI score0.00221EPSS

CVE•added 2021/07/01 3:15 a.m.•60 views

CVE-2019-25049

LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).

7.1CVSS6.8AI score0.00221EPSS

CVE•added 2018/03/24 9:29 p.m.•56 views

CVE-2018-8970

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain...

7.4CVSS6.9AI score0.00293EPSS

CVE•added 2014/12/29 12:59 a.m.•40 views

CVE-2014-9424

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.

7.5CVSS7.7AI score0.0046EPSS