Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24955
HistoryApr 10, 2020 - 1:09 a.m.

Arbitrary Code Execution

2020-04-1001:09:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

openssl is vulnerable to arbitrary code execution. The vulnerability exists as a double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.

References

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C