Описание
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | not-affected | |
| focal | not-affected | |
| jammy | not-affected | |
| kinetic | not-affected | |
| lunar | not-affected | |
| mantic | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl |
| esm-apps/bionic | not-affected | uses system openssl1.0 |
| esm-apps/focal | not-affected | uses system openssl1.1 |
| esm-apps/jammy | not-affected | uses openssl 1.1 |
| esm-apps/noble | not-affected | uses system openssl |
| esm-apps/xenial | not-affected | uses system openssl |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl1.1 |
| jammy | not-affected | uses openssl 1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1.1.1-1ubuntu2.1~18.04.20 |
| devel | released | 3.0.5-2ubuntu2 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 1.1.1-1ubuntu2.1~18.04.20 |
| esm-infra/focal | not-affected | 1.1.1f-1ubuntu2.16 |
| esm-infra/xenial | not-affected | |
| fips-preview/jammy | released | 3.0.2-0ubuntu1.7.fips.1 |
| fips-updates/bionic | not-affected | |
| fips-updates/focal | not-affected | |
| fips-updates/jammy | released | 3.0.2-0ubuntu1.7.fips.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
A buffer overrun can be triggered in X.509 certificate verification, s ...
X.509 Email Address Variable Length Buffer Overflow
Уязвимость функционала проверки сертификата X.509 библиотеки OpenSSL, позволяющая нарушителю аварийно завершить работу приложения
EPSS
7.5 High
CVSS3