CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
56.5%
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-main | noarch | openssl | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.15-main | noarch | openssl3 | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.16-main | noarch | openssl3 | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.17-main | noarch | openssl | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.18-main | noarch | openssl | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.19-main | noarch | openssl | < 3.0.8-r0 | UNKNOWN |
Alpine | 3.20-main | noarch | openssl | < 3.0.8-r0 | UNKNOWN |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
56.5%