PT-2021-23347 · Openssl+1 · Libressl+1

Goldbinocle

Published

2021-09-23

Updated

2023-09-16

CVE-2021-41581

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions LibreSSL versions through 3.4.0

Description The issue is related to a stack-based buffer over-read in the x509 constraints parse mailbox function in lib/libcrypto/x509/x509 constraints.c. This occurs when the input exceeds DOMAIN PART MAX LEN, resulting in the buffer lacking '0' termination.

Recommendations For versions through 3.4.0, update to a version later than 3.4.0 to resolve the issue. As a temporary workaround, consider restricting input to prevent it from exceeding DOMAIN PART MAX LEN until a patch is available.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-1067

ALT-PU-2023-4398

ALT-PU-2023-5593

CVE-2021-41581

Affected Products

Alt Linux

Libressl

PT-2021-23347 · Openssl+1 · Libressl+1

CVE-2021-41581

Weakness Enumeration

Related Identifiers

Affected Products

References · 5