Описание
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:samsung:tizenrt:1.0:m1:*:*:*:*:*:*
cpe:2.3:o:samsung:tizenrt:1.1:-:*:*:*:*:*:*
cpe:2.3:o:samsung:tizenrt:2.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:tizenrt:3.0:gbm:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
Дефекты
CWE-401
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 3 лет назад
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
Дефекты
CWE-401