Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

CNA Affected

[
  {
    "product": "LibreSSL",
    "vendor": "LibreSSL",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.3.1"
      }
    ]
  }
]

References

ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt

lists.opensuse.org/opensuse-updates/2015-10/msg00050.html

packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html

seclists.org/fulldisclosure/2015/Oct/75

www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded

prion 2

nvd 2

cve 2

securityvulns 4

f5 2

cvelist 1

ibm 31

ubuntucve 1

openssl 1

veracode 1

debiancve 1

nessus 53

freebsd 2

openvas 34

centos 2

redhat 3

debian 2

oraclelinux 8

freebsd_advisory 1

slackware 1

amazon 1

mageia 1

aix 1

huawei 1

ubuntu 1

kaspersky 1

osv 1

fedora 8

altlinux 5

suse 2

lenovo 2

apple 4

prion

Stack overflow

2020-01-23 20:15:00

Design/Logic Flaw

2014-08-13 23:55:00

nvd

CVE-2015-5334

2020-01-23 20:15:12

CVE-2014-3508

2014-08-13 23:55:07

cve

CVE-2015-5334

2020-01-23 20:15:12

CVE-2014-3508

2014-08-13 23:55:07

securityvulns

Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)

2015-10-19 00:00:00

LibreSSL security vulnerabilities

2015-10-19 00:00:00

OpenSSL multiple security vulnerabilities

2014-08-07 00:00:00

K15571 : OpenSSL vulnerability CVE-2014-3508

2014-09-05 00:00:00

SOL15571 - OpenSSL vulnerability CVE-2014-3508

2014-09-05 00:00:00

cvelist

CVE-2014-3508

2014-08-13 23:00:00

ibm

Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ Advanced Message Security for IBM i platform (CVE-2014-3508)

2018-06-15 07:01:35

Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM Workload Deployer.

2018-06-15 07:02:21

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3508, CVE-2014-3511)

2020-07-24 22:19:08

ubuntucve

CVE-2014-3508

2014-08-07 00:00:00

openssl

Vulnerability in OpenSSL CVE-2014-3508

2014-08-06 00:00:00

veracode

Information Disclosure

2017-02-07 01:12:09

debiancve

CVE-2014-3508

2014-08-13 23:55:07

nessus

openSUSE Security Update : libressl (openSUSE-2015-681)

2015-10-28 00:00:00

FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)

2015-10-19 00:00:00

Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)

2015-01-19 00:00:00

freebsd

LibreSSL -- Memory leak and buffer overflow

2015-10-15 00:00:00

OpenSSL -- multiple vulnerabilities

2014-08-06 00:00:00

openvas

Debian: Security Advisory (DLA-33-1)

2023-03-08 00:00:00

RedHat Update for openssl RHSA-2014:1053-01

2014-08-14 00:00:00

SUSE: Security Advisory (SUSE-SU-2014:1104-1)

2021-06-09 00:00:00

centos

openssl security update

2014-08-13 19:52:24

openssl security update

2014-08-13 20:10:43

redhat

(RHSA-2014:1053) Moderate: openssl security update

2014-08-13 00:00:00

(RHSA-2014:1052) Moderate: openssl security update

2014-08-13 00:00:00

(RHSA-2014:1054) Moderate: openssl security update

2014-08-14 00:00:00

debian

[DLA 33-1] openssl security update

2014-08-07 20:36:09

[SECURITY] [DSA 2998-1] openssl security update

2014-08-06 23:44:13

oraclelinux

openssl security update

2014-08-13 00:00:00

openssl security update

2014-08-13 00:00:00

openssl security update

2014-10-16 00:00:00

freebsd_advisory

FreeBSD-SA-14:18.openssl

2014-09-09 00:00:00

slackware

[slackware-security] openssl

2014-08-08 21:22:00

amazon

Medium: openssl

2014-08-07 12:26:00

mageia

Updated openssl packages fix security vulnerabilities

2014-08-12 13:16:46

aix

AIX OpenSSL Denial of Service due to double free and others

2014-09-09 00:50:00

huawei

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

2014-10-08 00:00:00

ubuntu

OpenSSL vulnerabilities

2014-08-07 00:00:00

kaspersky

KLA10343 Multiple vulnerabilities in Stunnel

2014-08-07 00:00:00

osv

openssl - security update

2014-08-07 00:00:00

fedora

[SECURITY] Fedora 21 Update: mingw-openssl-1.0.1j-1.fc21

2015-01-02 05:06:53

[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20

2014-08-09 07:36:05

[SECURITY] Fedora 19 Update: openssl-1.0.1e-39.fc19

2014-08-09 07:34:58

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1

2014-10-31 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1

2014-10-30 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt1

2014-10-30 00:00:00

suse

Security update for compat-openssl097g (important)

2015-03-24 00:05:09

Security update for libopenssl0_9_8 (important)

2016-03-03 14:11:44

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

apple

About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support

2017-01-23 03:54:34

About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002

2016-03-21 00:00:00

About the security content of macOS Mojave 10.14

2018-09-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.9 Medium

AI Score

Confidence

Low

0.47 Medium

EPSS

Percentile

97.5%

JSON

Related for CVELIST:CVE-2015-5334