Описание
OOB Read in OpenSSL backend
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra/bionic | not-affected | code not compiled |
| esm-infra/focal | not-affected | code not compiled |
| esm-infra/xenial | not-affected | code not compiled |
| jammy | not-affected | code not compiled |
| noble | not-affected | code not compiled |
| questing | not-affected | code not compiled |
| upstream | needs-triage |
Показывать по
10
Ссылки на источники
Связанные уязвимости
CVSS3: 5.4
redhat
около 1 месяца назад
A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory.
