Описание
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 an...
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system openssl |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | uses system openssl |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | uses system openssl |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| jammy | needed | |
| noble | not-affected | uses system openssl |
| plucky | not-affected | uses system openssl |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needed | |
| esm-infra-legacy/trusty | released | 1.0.1f-1ubuntu2.27+esm12 |
| esm-infra/bionic | released | 1.1.1-1ubuntu2.1~18.04.23+esm7 |
| esm-infra/focal | released | 1.1.1f-1ubuntu2.24+esm2 |
| esm-infra/xenial | released | 1.0.2g-1ubuntu4.20+esm14 |
| fips-preview/jammy | needed | |
| fips-updates/bionic | needed | |
| fips-updates/focal | needed | |
| fips-updates/jammy | needed | |
| fips-updates/xenial | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | released | 1.0.2n-1ubuntu5.13+esm3 |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 an
Issue summary: Writing large, newline-free data into a BIO chain using ...
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3...
EPSS
4.7 Medium
CVSS3