Out-of-Bounds Read Vulnerability in LibreSSL by The OpenBSD Foundation
CVE-2019-25049

7.1HIGH

Key Information:

Vendor

OpenBSD
Status
Libressl
Vendor
CVE Published:
1 July 2021

What is CVE-2019-25049?

An out-of-bounds read vulnerability exists in LibreSSL versions 2.9.1 through 3.2.1, triggered during the asn1_item_print_ctx function call from asn1_template_print_ctx. This flaw could lead to potential leaks of sensitive information and undermine the integrity of cryptographic operations, emphasizing the need for users to ensure their systems are updated to mitigate possible risks.

References

https://github.com/libressl-portable/portable/commit/17c8...
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920
x_refsource_MISC
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.