CVE-2019-25048

7.1HIGH

Key Information:

Vendor: OpenBSD
Status: Libressl
Vendor: CVE Published:; 1 July 2021

Summary

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

References

https://github.com/libressl-portable/portable/commit/17c8...

x_refsource_MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914

x_refsource_MISC

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2021
Vulnerability Reserved
Jul 1, 2021

.