CVE-2021-41581

5.5MEDIUM

Key Information:

Vendor: OpenBSD
Status: Libressl
Vendor: CVE Published:; 24 September 2021

Summary

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.

References

https://github.com/libressl-portable/openbsd/issues/126

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2021
Vulnerability Reserved
Sep 24, 2021