CVE-2019-25048 — Out-of-bounds Read in Libressl

CWE-125 — Out-of-bounds Read2 documents2 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 55.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

1

Openbsd Libressl

Timeline

PublishedJul 1

Latest updateMay 24

Description

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDopenbsd/libressl2.9.1 — 3.2.1

Patches

Patch: bugs.chromium.org ↗Patch: github.com ↗Patch: bugs.chromium.org ↗

🔴Vulnerability Details

1

GHSA

GHSA-f2vj-m3mq-wc4p: LibreSSL 2↗2022-05-24

▶