Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44471
HistoryNov 29, 2023 - 9:29 a.m.

Denial Of Service (DoS)

2023-11-2909:29:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
denial of service
cryptography
pkcs7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

cryptography is vulnerable to Denial of Service (DoS). The vulnerability is due to NULL-pointer dereference while loading PKCS7 certificates. This could lead to Denial Of Service if an application is utilizing the load_der_pkcs7_certificates or load_pem_pkcs7_certificates functions.

CPENameOperatorVersion
cryptographyle41.0.5
cryptographyle41.0.5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%