Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
References
Link | Resource |
---|---|
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt | Release Notes Vendor Advisory |
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded | Broken Link |
Configurations
History
No history.
Information
Published : 2020-01-23 21:15
Updated : 2024-02-28 17:28
NVD link : CVE-2015-5333
Mitre link : CVE-2015-5333
CVE.ORG link : CVE-2015-5333
JSON object : View
Products Affected
openbsd
- libressl
opensuse
- opensuse
CWE
CWE-400
Uncontrolled Resource Consumption