Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL ASN1_TFLG_COMBINE 信息泄露漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的crypto/asn1/tasn_dec.c文件中的ASN1_TFLG_COMBINE实现过程中存在安全漏洞,该漏洞源于程序没有正确处理畸形的X509_ATTRIBUTE数据引发的错误。远程攻击者可通过在PKCS#7或CMS应用程序中触发解码失败利用该漏洞获取进程内存中的敏感信息。以下版本受到影
CVSS Information
N/A
Vulnerability Type
N/A