CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
61.1%
openssl is vulnerable to Denial Of Service. The vulnerability is due to improper processing of maliciously formatted PKCS12 file. A PKCS12 file loads from untrusted source and can crash openssl leading to Denial Of Service.
www.openwall.com/lists/oss-security/2024/03/11/1
github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml
security.netapp.com/advisory/ntap-20240208-0006/
www.openssl.org/news/secadv/20240125.txt
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
61.1%