N/A

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

N/A

N/A

LibreSSL 缓冲区错误漏洞

LibreSSL是一款安全套接层和传输层安全协议的开源实现。 LibreSSL 2.3.0之前版本中的‘OBJ_obj2txt’函数存在缓冲区错误漏洞，该漏洞源于程序没有正确检查边界。远程攻击者可借助特制X.509证书利用该漏洞执行任意代码。

N/A

N/A