CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (percentile 47.4%)

An invalid pointer dereference on read can be triggered when an application
tries to check a malformed DSA public key by the EVP_PKEY_public_check()
function. This will most likely lead to an application crash. This function
can be called on public keys supplied from untrusted sources, which could
allow an attacker to cause a denial of service. The TLS
implementation in OpenSSL does not call this function but applications
might call the function if there are additional security requirements
imposed by standards such as FIPS 140-3.
Author | Note |
---|---|
mdeslaur | 3.x only |