Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
[
{
"product": "LibreSSL",
"vendor": "LibreSSL",
"versions": [
{
"status": "affected",
"version": "before 2.3.1"
}
]
}
]
ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt
lists.opensuse.org/opensuse-updates/2015-10/msg00050.html
packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html
seclists.org/fulldisclosure/2015/Oct/75
www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded