MySQL — свободная реляционная система управления базами данных
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 319
openSUSE-SU-2021:2966-1
Security update for openssl-1_1
SUSE-SU-2021:2966-1
Security update for openssl-1_1
SUSE-SU-2021:2852-1
Security update for compat-openssl098
GHSA-83mx-573x-5rw9
openssl-src NULL pointer Dereference in signature_algorithms processing
GHSA-8hfj-xrj2-pm22
Certificate check bypass in openssl-src
GHSA-84rm-qf37-fgc2
Integer Overflow in openssl-src
GHSA-qgm6-9472-pwq7
Integer Overflow in openssl-src
openSUSE-SU-2021:1189-1
Security update for openssl-1_0_0
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL termin
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | openSUSE-SU-2021:2966-1 Security update for openssl-1_1 | 0% Низкий | больше 4 лет назад | |
| SUSE-SU-2021:2966-1 Security update for openssl-1_1 | 0% Низкий | больше 4 лет назад | |
| SUSE-SU-2021:2852-1 Security update for compat-openssl098 | 0% Низкий | больше 4 лет назад | |
| GHSA-83mx-573x-5rw9 openssl-src NULL pointer Dereference in signature_algorithms processing | CVSS3: 5.9 | 11% Средний | больше 4 лет назад |
| GHSA-8hfj-xrj2-pm22 Certificate check bypass in openssl-src | CVSS3: 7.4 | 1% Низкий | больше 4 лет назад |
| GHSA-84rm-qf37-fgc2 Integer Overflow in openssl-src | CVSS3: 5.9 | 1% Низкий | больше 4 лет назад |
| GHSA-qgm6-9472-pwq7 Integer Overflow in openssl-src | CVSS3: 7.5 | 1% Низкий | больше 4 лет назад |
| openSUSE-SU-2021:1189-1 Security update for openssl-1_0_0 | 0% Низкий | больше 4 лет назад | |
 | CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL termin | CVSS3: 7.4 | 0% Низкий | больше 4 лет назад |
| CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ... | CVSS3: 7.4 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу