Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-88pg-cj77-9fxr

Опубликовано: 14 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Ссылки

EPSS

Процентиль: 97%
0.37662
Средний

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

redhat
больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

CVSS3: 7.5
nvd
больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

CVSS3: 7.5
debian
больше 9 лет назад

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...

fstec
больше 9 лет назад

Уязвимости библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 97%
0.37662
Средний

7.5 High

CVSS3