Vulnerabilites related to openbsd - libressl
Vulnerability from fkie_nvd
Published
2017-04-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2017/q2/145 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/98076 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/libressl-portable/portable/issues/307 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://trac.nginx.org/nginx/ticket/1257 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2017/q2/145 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98076 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libressl-portable/portable/issues/307 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trac.nginx.org/nginx/ticket/1257 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "846323F0-F08C-4049-991A-CE30AF85285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14FC63B-731F-4681-AD3F-C1BAE56F97EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8664FE1D-C187-44D1-86F9-C86A929B4859",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx."
},
{
"lang": "es",
"value": "LibreSSL en las versiones 2.5.1 hasta la 2.5.3 carece de verificaci\u00f3n de certificados TLS si se invoca SSL_get_verify_result para una comprobaci\u00f3n posterior de un resultado de verificaci\u00f3n, en un caso de uso en el que una devoluci\u00f3n de llamada de verificaci\u00f3n proporcionada por el usuario devuelve 1, como lo demuestra la aceptaci\u00f3n de certificados no v\u00e1lidos por nginx."
}
],
"id": "CVE-2017-8301",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-27T17:59:00.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q2/145"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98076"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/issues/307"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://trac.nginx.org/nginx/ticket/1257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q2/145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/issues/307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://trac.nginx.org/nginx/ticket/1257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 21:15
Modified
2024-11-21 02:32
Severity ?
Summary
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "263ED210-2C74-4F7F-AF91-65970FD4EE7A",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates."
},
{
"lang": "es",
"value": "Una p\u00e9rdida de memoria en la funci\u00f3n OBJ_obj2txt en LibreSSL versiones anteriores a 2.3.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) por medio de un gran n\u00famero de identificadores de objetos ASN.1 en los certificados X.509."
}
],
"id": "CVE-2015-5333",
"lastModified": "2024-11-21T02:32:48.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T21:15:12.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-15 02:29
Modified
2024-11-21 03:45
Severity ?
Summary
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0B0BEC-AEA8-49B1-9F6F-D68E9AF6E286",
"versionEndExcluding": "2.6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39DDFDEF-AD05-444B-8BCE-018EC7393F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D898BAE-26E6-43D4-AF78-A802AAAE4133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2CEB91-A7B2-49FC-A178-DADFD987D409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FC36B7-EBF7-478F-8D00-1FA201E081F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
},
{
"lang": "es",
"value": "LibreSSL en versiones anteriores a la 2.6.5 y versiones 2.7.x anteriores a la 2.7.4 permite un ataque de canal lateral por cach\u00e9 de memoria en las firmas DSA y ECDSA. Esto tambi\u00e9n se conoce como Return Of the Hidden Number Problem (ROHNP). Para descubrir una clave, el atacante necesita acceso a la m\u00e1quina local o a una m\u00e1quina virtual diferente en el mismo host f\u00edsico."
}
],
"id": "CVE-2018-12434",
"lastModified": "2024-11-21T03:45:12.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-15T02:29:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-24 21:29
Modified
2024-11-21 04:14
Severity ?
Summary
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39DDFDEF-AD05-444B-8BCE-018EC7393F76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
},
{
"lang": "es",
"value": "La funci\u00f3n int_x509_param_set_hosts en lib/libcrypto/x509/x509_vpm.c en LibreSSL, en versiones 2.7.0 anteriores a la 2.7.1 no soporta determinados casos especiales de una longitud de nombre cero. Esto provoca una omisi\u00f3n silenciosa de la verificaci\u00f3n del nombre de host y, en consecuencia, permite que atacantes Man-in-the-Middle (MitM) suplanten servidores y obtengan informaci\u00f3n sensible mediante un certificado manipulado. NOTA: la documentaci\u00f3n de LibreSSL indica que el programa soporta este caso especial, pero la documentaci\u00f3n de BoringSSL no."
}
],
"id": "CVE-2018-8970",
"lastModified": "2024-11-21T04:14:42.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-24T21:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-12 05:15
Modified
2025-02-10 17:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0298D8BA-8BA9-42DF-994A-4A79D2371D45",
"versionEndExcluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F42281B6-FE3A-408F-83DA-180AC67F2C3D",
"versionEndExcluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate."
}
],
"id": "CVE-2022-48437",
"lastModified": "2025-02-10T17:15:15.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-12T05:15:07.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 03:15
Modified
2024-11-21 06:26
Severity ?
Summary
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/libressl-portable/openbsd/issues/126 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libressl-portable/openbsd/issues/126 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "153E3E43-4F67-4598-A1BF-C8AEF4A3E5B9",
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks \u0027\\0\u0027 termination."
},
{
"lang": "es",
"value": "La funci\u00f3n x509_constraints_parse_mailbox en el archivo lib/libcrypto/x509/x509_constraints.c en LibreSSL versiones hasta 3.4.0, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n stack de la memoria. Cuando la entrada excede DOMAIN_PART_MAX_LEN, el b\u00fafer carece de terminaci\u00f3n \"\\0\"."
}
],
"id": "CVE-2021-41581",
"lastModified": "2024-11-21T06:26:27.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T03:15:06.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/openbsd/issues/126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/openbsd/issues/126"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-16 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "784B0777-194D-4E4A-874F-198BD201B508",
"versionEndExcluding": "3.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E68DCDD-212C-4EF0-AF5D-23CD66073680",
"versionEndExcluding": "3.7.3",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6EC6AC-E2DE-4166-A762-AB6A88DF1C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8A4344-6ABE-4626-ADA4-3FA91F8D76C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected."
}
],
"id": "CVE-2023-35784",
"lastModified": "2024-11-21T08:08:41.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-16T20:15:09.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-29 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46914DBC-6622-440E-B4D9-CC14C84CC5D8",
"versionEndIncluding": "2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake."
},
{
"lang": "es",
"value": "Doble vulnerabilidad de liberaci\u00f3n en la funci\u00f3n ssl_parse_clienthello_use_srtp_ext en d1_srtp.c en LibreSSL anterior a 2.1.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio o la posibilidad de tener otro impacto sin especificar mediante la activaci\u00f3n de un error de verificaci\u00f3n de longitud durante el proceso de negociaci\u00f3n DTLS"
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
"id": "CVE-2014-9424",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-29T00:59:01.827",
"references": [
{
"source": "cve@mitre.org",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:32
Severity ?
Summary
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "263ED210-2C74-4F7F-AF91-65970FD4EE7A",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."
},
{
"lang": "es",
"value": "Un error por un paso en la funci\u00f3n OBJ_obj2txt en LibreSSL versiones anteriores a 2.3.1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del programa) o posible ejecutar c\u00f3digo arbitrario por medio de un certificado X.509 dise\u00f1ado, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Nota: esta vulnerabilidad se presenta debido a una correcci\u00f3n incorrecta para CVE-2014-3508."
}
],
"id": "CVE-2015-5334",
"lastModified": "2024-11-21T02:32:48.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T20:15:12.027",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/75"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-15 00:15
Modified
2025-02-07 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD1B673-A6C5-4673-8ACC-FF31DA3A0531",
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E9581-FED9-4CFC-B636-170E52A5071F",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded."
}
],
"id": "CVE-2021-46880",
"lastModified": "2025-02-07T16:15:33.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-15T00:15:07.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20230517-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230517-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-01 03:15
Modified
2024-11-21 04:39
Severity ?
Summary
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml | Third Party Advisory | |
| cve@mitre.org | https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | libressl | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A290BD5C-999D-46CE-BA41-5BBDEE1907CC",
"versionEndIncluding": "3.2.1",
"versionStartIncluding": "2.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print)."
},
{
"lang": "es",
"value": "LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n do_print_ex (llamado desde asn1_item_print_ctx y ASN1_item_print)"
}
],
"id": "CVE-2019-25048",
"lastModified": "2024-11-21T04:39:49.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-01T03:15:07.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-01 03:15
Modified
2024-11-21 04:39
Severity ?
Summary
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml | Third Party Advisory | |
| cve@mitre.org | https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | libressl | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A290BD5C-999D-46CE-BA41-5BBDEE1907CC",
"versionEndIncluding": "3.2.1",
"versionStartIncluding": "2.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx)."
},
{
"lang": "es",
"value": "LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura fuera de l\u00edmites en la funci\u00f3n asn1_item_print_ctx (llamada desde asn1_template_print_ctx)"
}
],
"id": "CVE-2019-25049",
"lastModified": "2024-11-21T04:39:49.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-01T03:15:07.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-5333 (GCVE-0-2015-5333)
Vulnerability from cvelistv5
Published
2020-01-23 20:12
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory Leak
Summary
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html | x_refsource_MISC | |
| http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreSSL",
"vendor": "LibreSSL",
"versions": [
{
"status": "affected",
"version": "before 2.3.1"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T20:12:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreSSL",
"version": {
"version_data": [
{
"version_value": "before 2.3.1"
}
]
}
}
]
},
"vendor_name": "LibreSSL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt",
"refsource": "CONFIRM",
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
},
{
"name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5333",
"datePublished": "2020-01-23T20:12:54",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8970 (GCVE-0-2018-8970)
Vulnerability from cvelistv5
Published
2018-03-24 21:00
Modified
2024-08-05 07:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-24T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42",
"refsource": "MISC",
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
},
{
"name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt",
"refsource": "MISC",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"name": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff",
"refsource": "MISC",
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8970",
"datePublished": "2018-03-24T21:00:00",
"dateReserved": "2018-03-24T00:00:00",
"dateUpdated": "2024-08-05T07:10:47.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25049 (GCVE-0-2019-25049)
Vulnerability from cvelistv5
Published
2021-07-01 02:53
Modified
2024-08-05 03:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920 | x_refsource_MISC | |
| https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T02:53:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a",
"refsource": "MISC",
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"
},
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25049",
"datePublished": "2021-07-01T02:53:38",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-08-05T03:00:18.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35784 (GCVE-0-2023-35784)
Vulnerability from cvelistv5
Published
2023-06-16 00:00
Modified
2024-12-17 17:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T17:05:14.971673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T17:05:30.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T21:01:37.616664",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt"
},
{
"url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35784",
"datePublished": "2023-06-16T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-12-17T17:05:30.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41581 (GCVE-0-2021-41581)
Vulnerability from cvelistv5
Published
2021-09-24 02:12
Modified
2024-08-04 03:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libressl-portable/openbsd/issues/126 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libressl-portable/openbsd/issues/126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks \u0027\\0\u0027 termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T02:12:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libressl-portable/openbsd/issues/126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks \u0027\\0\u0027 termination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libressl-portable/openbsd/issues/126",
"refsource": "MISC",
"url": "https://github.com/libressl-portable/openbsd/issues/126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41581",
"datePublished": "2021-09-24T02:12:33",
"dateReserved": "2021-09-24T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25048 (GCVE-0-2019-25048)
Vulnerability from cvelistv5
Published
2021-07-01 02:53
Modified
2024-08-05 03:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914 | x_refsource_MISC | |
| https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T02:53:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a",
"refsource": "MISC",
"url": "https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914"
},
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25048",
"datePublished": "2021-07-01T02:53:25",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-08-05T03:00:19.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5334 (GCVE-0-2015-5334)
Vulnerability from cvelistv5
Published
2020-01-23 19:56
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2015/Oct/75 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html | x_refsource_MISC | |
| http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/75"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreSSL",
"vendor": "LibreSSL",
"versions": [
{
"status": "affected",
"version": "before 2.3.1"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T19:56:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/75"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreSSL",
"version": {
"version_data": [
{
"version_value": "before 2.3.1"
}
]
}
}
]
},
"vendor_name": "LibreSSL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html"
},
{
"name": "http://seclists.org/fulldisclosure/2015/Oct/75",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/75"
},
{
"name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html"
},
{
"name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt",
"refsource": "MISC",
"url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5334",
"datePublished": "2020-01-23T19:56:11",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12434 (GCVE-0-2018-12434)
Vulnerability from cvelistv5
Published
2018-06-15 02:00
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-15T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt",
"refsource": "MISC",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt"
},
{
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt",
"refsource": "MISC",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12434",
"datePublished": "2018-06-15T02:00:00Z",
"dateReserved": "2018-06-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:52:15.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8301 (GCVE-0-2017-8301)
Vulnerability from cvelistv5
Published
2017-04-27 17:00
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2017/q2/145 | x_refsource_MISC | |
| https://github.com/libressl-portable/portable/issues/307 | x_refsource_CONFIRM | |
| https://trac.nginx.org/nginx/ticket/1257 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98076 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q2/145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libressl-portable/portable/issues/307"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.nginx.org/nginx/ticket/1257"
},
{
"name": "98076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-06T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2017/q2/145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libressl-portable/portable/issues/307"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.nginx.org/nginx/ticket/1257"
},
{
"name": "98076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/oss-sec/2017/q2/145",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2017/q2/145"
},
{
"name": "https://github.com/libressl-portable/portable/issues/307",
"refsource": "CONFIRM",
"url": "https://github.com/libressl-portable/portable/issues/307"
},
{
"name": "https://trac.nginx.org/nginx/ticket/1257",
"refsource": "CONFIRM",
"url": "https://trac.nginx.org/nginx/ticket/1257"
},
{
"name": "98076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8301",
"datePublished": "2017-04-27T17:00:00",
"dateReserved": "2017-04-27T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46880 (GCVE-0-2021-46880)
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2025-02-07 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230517-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:07:02.582829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:08:02.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt"
},
{
"url": "https://github.com/openbsd/src/commit/3f851282810fa0ab4b90b3b1ecec2e8717ef16f8"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/006_x509.patch.sig"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46880",
"datePublished": "2023-04-14T00:00:00.000Z",
"dateReserved": "2023-04-14T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:08:02.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48437 (GCVE-0-2022-48437)
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-10 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:40:51.305200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T16:41:31.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig"
},
{
"url": "https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48437",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-04-12T00:00:00.000Z",
"dateUpdated": "2025-02-10T16:41:31.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9424 (GCVE-0-2014-9424)
Vulnerability from cvelistv5
Published
2014-12-29 00:00
Modified
2024-09-16 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0 | x_refsource_CONFIRM | |
| https://code.google.com/p/google-security-research/issues/detail?id=202 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:40.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-29T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0",
"refsource": "CONFIRM",
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=202",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9424",
"datePublished": "2014-12-29T00:00:00Z",
"dateReserved": "2014-12-28T00:00:00Z",
"dateUpdated": "2024-09-16T16:59:15.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201704-0784
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. plural Apple Product HTTPProtocol Components include nghttp2 Vulnerabilities that are unspecified are present due to incomplete processing.Remote HTTP/2 The server may have unspecified effects. iOS is a mobile operating system developed by Apple. Apple first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed specifically for the fourth generation of Apple TV. Mac OS is a set of operating systems running on Apple's Macintosh series of computers. watchOS is a mobile operating system for Apple Watch developed by Apple. It is based on the iOS operating system and has many similar functions. Nghttp2 is prone to multiple remote security vulnerabilities. An attacker can leverage these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to Nghttp2 1.17.0 are vulnerable. HTTPProtocol is one of the implementations that forces browsers to use compatibility mode. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-03-27-5 watchOS 3.2
watchOS 3.2 is now available and addresses the following:
Audio Available for: All Apple Watch models Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2430: an anonymous researcher working with Trend Microas Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Microas Zero Day Initiative
Carbon Available for: All Apple Watch models Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent Security Platform Department
CoreGraphics Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform Department
CoreGraphics Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec
CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher
FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: All Apple Watch models Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec
HTTPProtocol Available for: All Apple Watch models Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent
ImageIO Available for: All Apple Watch models Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467
ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2016-3619
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher
Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero
Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero
Keyboards Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia)
libarchive Available for: All Apple Watch models Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd
libc++abi Available for: All Apple Watch models Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441
Security Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc.
Security Available for: All Apple Watch models Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos
WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)
WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2016-9643: Gustavo Grieco
WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2471: Ivan Fratric of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGnz8P/2pCIIMej7VvKEMeeOblPHII ZwaSR8nzRIlL5IsPgPcq/e2vkZoyPs3ee5dQGX4yJTgzEY0FuD1S/NxeFntxFlzm 8Ei+PQJco8xdZtlL1HXjg+UlY0HAm1TJGYyriDPjbJiqCBRktv3ta/uzJY+yvXK8 3KtO0PXmEGFod9eyQZIRqFZ6GLxNdeFIxabp1SkOoiGk29jC3E9YjgR5qldMAjfN AuYWiBBhMOmal8dbnamtcJh93ElzuXX77cCUlw7wQMz6NaqNS3FWaGEUHsxn6y/4 P8XIfwYAaoWhaCJpEari+GkxmmuXmtbuKyMTDQqCWQyG3ThkYDk6kKQNcQMDbxnh pcyEB7WI9sRQ7CoFH7rmyl8BqQr4Ys0uGPtRDvCVO91kNUMYXeBiNC+StyqWt6Wd 3p/QUxYnM+kG8Zd0lMEaF3LNolr1w54APxMYD3sW3/tOmf8C7d6+qGTGlrumizkD Z0zr/xRNNpd0m4PVmlNt7YJMjN6s1xJwpEUC1n4FyRifdQktqsKMrumq7VGplHYO VNKToB3BuHHjTi2HOocvUXfj55htqrCxETEyHD7NhKVpLEf15vDgyXKFGgF95/HR gomW+ApttZNiz/vOOoI9DL2ZSOnwzo5uO8W4GYSpDpQ36YaYQj/jei2MgtVqqKo+ bNi/H1Oquz40IhKoGR/B =4Uvv -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipod touch first 6 after generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 (apple watch all models )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.6,
"vendor": "apple",
"version": "10.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 0.6,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.6,
"vendor": "apple",
"version": "10.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.6,
"vendor": "apple",
"version": "3.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "libressl",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": null
},
{
"model": "nghttp2",
"scope": "eq",
"trust": 0.3,
"vendor": "nghttp2",
"version": "1.16.1"
},
{
"model": "nghttp2",
"scope": "eq",
"trust": 0.3,
"vendor": "nghttp2",
"version": "1.6"
},
{
"model": "nghttp2",
"scope": "eq",
"trust": 0.3,
"vendor": "nghttp2",
"version": "1.5"
},
{
"model": "nghttp2",
"scope": "eq",
"trust": 0.3,
"vendor": "nghttp2",
"version": "1.7.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "nghttp2",
"scope": "ne",
"trust": 0.3,
"vendor": "nghttp2",
"version": "1.17"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "security update yosemite",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "security update el capitan",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "BID",
"id": "97146"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97146"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2428",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-2428",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04876",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110631",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-2428",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2428",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-2428",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04876",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1267",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110631",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "VULHUB",
"id": "VHN-110631"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the \"HTTPProtocol\" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors. plural Apple Product HTTPProtocol Components include nghttp2 Vulnerabilities that are unspecified are present due to incomplete processing.Remote HTTP/2 The server may have unspecified effects. iOS is a mobile operating system developed by Apple. Apple first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed specifically for the fourth generation of Apple TV. Mac OS is a set of operating systems running on Apple\u0027s Macintosh series of computers. watchOS is a mobile operating system for Apple Watch developed by Apple. It is based on the iOS operating system and has many similar functions. Nghttp2 is prone to multiple remote security vulnerabilities. \nAn attacker can leverage these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nVersions prior to Nghttp2 1.17.0 are vulnerable. HTTPProtocol is one of the implementations that forces browsers to use compatibility mode. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-27-5 watchOS 3.2\n\nwatchOS 3.2 is now available and addresses the following:\n\nAudio\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2430: an anonymous researcher working with Trend Microas\nZero Day Initiative\nCVE-2017-2462: an anonymous researcher working with Trend Microas\nZero Day Initiative\n\nCarbon\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent\nSecurity Platform Department\n\nCoreGraphics\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An infinite recursion was addressed through improved\nstate management. \nCVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nCoreGraphics\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2444: Mei Wang of 360 GearTeam\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2435: John Villamil, Doyensec\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2450: John Villamil, Doyensec\n\nCoreText\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\nCVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Parsing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2439: John Villamil, Doyensec\n\nHTTPProtocol\nAvailable for: All Apple Watch models\nImpact: A malicious HTTP/2 server may be able to cause undefined\nbehavior\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These\nwere addressed by updating LibreSSL to version 1.17.0. \nCVE-2017-2428\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2432: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2467\n\nImageIO\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted image may lead to unexpected\napplication termination\nDescription: An out-of-bound read existed in LibTIFF versions before\n4.0.7. This was addressed by updating LibTIFF in ImageIO to version\n4.0.7. \nCVE-2016-3619\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2017-2440: an anonymous researcher\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to execute arbitrary code\nwith root privileges\nDescription: A race condition was addressed through improved memory\nhandling. \nCVE-2017-2456: lokihardt of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2472: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2473: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An off-by-one issue was addressed through improved\nbounds checking. \nCVE-2017-2474: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed through improved locking. \nCVE-2017-2478: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2482: Ian Beer of Google Project Zero\nCVE-2017-2483: Ian Beer of Google Project Zero\n\nKeyboards\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2458: Shashank (@cyberboyIndia)\n\nlibarchive\nAvailable for: All Apple Watch models\nImpact: A local attacker may be able to change file system\npermissions on arbitrary directories\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2017-2390: Omer Medan of enSilo Ltd\n\nlibc++abi\nAvailable for: All Apple Watch models\nImpact: Demangling a malicious C++ application may lead to arbitrary\ncode execution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2441\n\nSecurity\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2451: Alex Radocea of Longterm Security, Inc. \n\nSecurity\nAvailable for: All Apple Watch models\nImpact: Processing a maliciously crafted x509 certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the parsing of\ncertificates. This issue was addressed through improved input\nvalidation. \nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2017-2415: Kai Kang of Tencent\u0027s Xuanwu Lab (tentcent.com)\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to high\nmemory consumption\nDescription: An uncontrolled resource consumption issue was addressed\nthrough improved regex processing. \nCVE-2016-9643: Gustavo Grieco\n\nWebKit\nAvailable for: All Apple Watch models\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGnz8P/2pCIIMej7VvKEMeeOblPHII\nZwaSR8nzRIlL5IsPgPcq/e2vkZoyPs3ee5dQGX4yJTgzEY0FuD1S/NxeFntxFlzm\n8Ei+PQJco8xdZtlL1HXjg+UlY0HAm1TJGYyriDPjbJiqCBRktv3ta/uzJY+yvXK8\n3KtO0PXmEGFod9eyQZIRqFZ6GLxNdeFIxabp1SkOoiGk29jC3E9YjgR5qldMAjfN\nAuYWiBBhMOmal8dbnamtcJh93ElzuXX77cCUlw7wQMz6NaqNS3FWaGEUHsxn6y/4\nP8XIfwYAaoWhaCJpEari+GkxmmuXmtbuKyMTDQqCWQyG3ThkYDk6kKQNcQMDbxnh\npcyEB7WI9sRQ7CoFH7rmyl8BqQr4Ys0uGPtRDvCVO91kNUMYXeBiNC+StyqWt6Wd\n3p/QUxYnM+kG8Zd0lMEaF3LNolr1w54APxMYD3sW3/tOmf8C7d6+qGTGlrumizkD\nZ0zr/xRNNpd0m4PVmlNt7YJMjN6s1xJwpEUC1n4FyRifdQktqsKMrumq7VGplHYO\nVNKToB3BuHHjTi2HOocvUXfj55htqrCxETEyHD7NhKVpLEf15vDgyXKFGgF95/HR\ngomW+ApttZNiz/vOOoI9DL2ZSOnwzo5uO8W4GYSpDpQ36YaYQj/jei2MgtVqqKo+\nbNi/H1Oquz40IhKoGR/B\n=4Uvv\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2428"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "BID",
"id": "97146"
},
{
"db": "VULHUB",
"id": "VHN-110631"
},
{
"db": "PACKETSTORM",
"id": "141933"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2428",
"trust": 3.5
},
{
"db": "BID",
"id": "97146",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038138",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90482935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04876",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141933",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "VULHUB",
"id": "VHN-110631"
},
{
"db": "BID",
"id": "97146"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "PACKETSTORM",
"id": "141933"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"id": "VAR-201704-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110631"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:34:36.775000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT207602",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207602"
},
{
"title": "HT207601",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207601"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207617"
},
{
"title": "HT207615",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207615"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207617"
},
{
"title": "HT207615",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207615"
},
{
"title": "HT207602",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207602"
},
{
"title": "HT207601",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207601"
},
{
"title": "Patches for unnamed vulnerabilities in Apple iOS/tvOS/macOS/watchOS HTTPProtocol components",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92175"
},
{
"title": "Nghttp2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68819"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97146"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207601"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207602"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207615"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207617"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038138"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2428"
},
{
"trust": 1.1,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2428"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90482935/index.html"
},
{
"trust": 0.6,
"url": "http2/releases/tag/v1.17.0"
},
{
"trust": 0.6,
"url": "http2/ng"
},
{
"trust": 0.6,
"url": "https://github.com/ng"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/appletv/features.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/in/watch/"
},
{
"trust": 0.3,
"url": "https://nghttp2.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2379"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2467"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2462"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2435"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2471"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2416"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2456"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "VULHUB",
"id": "VHN-110631"
},
{
"db": "BID",
"id": "97146"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "PACKETSTORM",
"id": "141933"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"db": "VULHUB",
"id": "VHN-110631"
},
{
"db": "BID",
"id": "97146"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"db": "PACKETSTORM",
"id": "141933"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110631"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97146"
},
{
"date": "2017-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"date": "2017-03-27T17:32:22",
"db": "PACKETSTORM",
"id": "141933"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"date": "2017-04-02T01:59:01.810000",
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04876"
},
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110631"
},
{
"date": "2017-03-29T01:02:00",
"db": "BID",
"id": "97146"
},
{
"date": "2017-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002357"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1267"
},
{
"date": "2024-11-21T03:23:30.410000",
"db": "NVD",
"id": "CVE-2017-2428"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product HTTPProtocol Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002357"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "97146"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1267"
}
],
"trust": 0.9
}
}