CVE-2015-5334 in Mac OS Xinfo

Summary

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

07/01/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
81468	Apple Mac OS X OpenSSH out-of-bounds write	787	Proof-of-Concept	Official fix	CVE-2015-5334
79583	Apple Mac OS X OpenSSH memory corruption	119	Not defined	Official fix	CVE-2015-5334
78551	LibreSSL OBJ_obj2txt memory corruption	119	Proof-of-Concept	Unavailable	CVE-2015-5334

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!