Логотип exploitDog
bind:"GHSA-8hfj-xrj2-pm22" OR bind:"CVE-2021-3450"
Консоль
Логотип exploitDog

exploitDog

bind:"GHSA-8hfj-xrj2-pm22" OR bind:"CVE-2021-3450"

Количество 17

Количество 17

github логотип

GHSA-8hfj-xrj2-pm22

почти 4 года назад

Certificate check bypass in openssl-src

CVSS3: 7.4
EPSS: Низкий
ubuntu логотип

CVE-2021-3450

больше 4 лет назад

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verif...

CVSS3: 7.4
EPSS: Низкий
redhat логотип

CVE-2021-3450

больше 4 лет назад

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verif...

CVSS3: 7.4
EPSS: Низкий
nvd логотип

CVE-2021-3450

больше 4 лет назад

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verifica

CVSS3: 7.4
EPSS: Низкий
msrc логотип

CVE-2021-3450

почти 4 года назад

OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

EPSS: Низкий
debian логотип

CVE-2021-3450

больше 4 лет назад

The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...

CVSS3: 7.4
EPSS: Низкий
fstec логотип

BDU:2021-01845

больше 4 лет назад

Уязвимость реализации конфигурации X509_V_FLAG_X509_STRICT библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 7.4
EPSS: Низкий
oracle-oval логотип

ELSA-2021-9151

больше 4 лет назад

ELSA-2021-9151: openssl security update (IMPORTANT)

EPSS: Низкий
oracle-oval логотип

ELSA-2021-1024

больше 4 лет назад

ELSA-2021-1024: openssl security update (IMPORTANT)

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:2353-1

около 4 лет назад

Security update for nodejs10

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:2327-1

около 4 лет назад

Security update for nodejs12

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:1061-1

около 4 лет назад

Security update for nodejs10

EPSS: Низкий
suse-cvrf логотип

openSUSE-SU-2021:1059-1

около 4 лет назад

Security update for nodejs12

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:2353-1

около 4 лет назад

Security update for nodejs10

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:2327-1

около 4 лет назад

Security update for nodejs12

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:2326-1

около 4 лет назад

Security update for nodejs12

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2021:2323-1

около 4 лет назад

Security update for nodejs10

EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-8hfj-xrj2-pm22

Certificate check bypass in openssl-src

CVSS3: 7.4
1%
Низкий
почти 4 года назад
ubuntu логотип
CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verif...

CVSS3: 7.4
1%
Низкий
больше 4 лет назад
redhat логотип
CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verif...

CVSS3: 7.4
1%
Низкий
больше 4 лет назад
nvd логотип
CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verifica

CVSS3: 7.4
1%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-3450

OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

1%
Низкий
почти 4 года назад
debian логотип
CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...

CVSS3: 7.4
1%
Низкий
больше 4 лет назад
fstec логотип
BDU:2021-01845

Уязвимость реализации конфигурации X509_V_FLAG_X509_STRICT библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 7.4
1%
Низкий
больше 4 лет назад
oracle-oval логотип
ELSA-2021-9151

ELSA-2021-9151: openssl security update (IMPORTANT)

больше 4 лет назад
oracle-oval логотип
ELSA-2021-1024

ELSA-2021-1024: openssl security update (IMPORTANT)

больше 4 лет назад
suse-cvrf логотип
openSUSE-SU-2021:2353-1

Security update for nodejs10

около 4 лет назад
suse-cvrf логотип
openSUSE-SU-2021:2327-1

Security update for nodejs12

около 4 лет назад
suse-cvrf логотип
openSUSE-SU-2021:1061-1

Security update for nodejs10

около 4 лет назад
suse-cvrf логотип
openSUSE-SU-2021:1059-1

Security update for nodejs12

около 4 лет назад
suse-cvrf логотип
SUSE-SU-2021:2353-1

Security update for nodejs10

около 4 лет назад
suse-cvrf логотип
SUSE-SU-2021:2327-1

Security update for nodejs12

около 4 лет назад
suse-cvrf логотип
SUSE-SU-2021:2326-1

Security update for nodejs12

около 4 лет назад
suse-cvrf логотип
SUSE-SU-2021:2323-1

Security update for nodejs10

около 4 лет назад

Уязвимостей на страницу