exploitDog

CVE-2019-25048

Опубликовано: 01 июл. 2021

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml
Third Party Advisory
https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a
Patch
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml
Third Party Advisory
https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*

Версия от 2.9.1 (включая) до 3.2.1 (включая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00221

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-25048

CVSS3: 7.1

debian

больше 4 лет назад

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...

GHSA-f2vj-m3mq-wc4p

github

больше 3 лет назад

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

EPSS

Процентиль: 44%

0.00221

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125