Veracode Vulnerability DatabaseVERACODE:31820Denial Of Service
0.004 Low
EPSS
Percentile
72.0%
openssl is vulnerable to denial of service. The vulnerability exists due to the system constructing valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array.
References
www.openwall.com/lists/oss-security/2021/08/26/2
cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
kc.mcafee.com/corporate/index?page=content&id=SB10366
lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
lists.debian.org/debian-lts-announce/2021/09/msg00014.html
lists.debian.org/debian-lts-announce/2021/09/msg00021.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
security.netapp.com/advisory/ntap-20210827-0010/
www.debian.org/security/2021/dsa-4963
www.openssl.org/news/secadv/20210824.txt
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-16
www.tenable.com/security/tns-2022-02
Related
