CPE-1751EF6F-DB1D-4EEE-B292-C4337B1A7409 Detail

CPE Details

OpenBSD LibreSSL 2.7.0

Vendor

openbsd

Product

libressl

Version

2.7.0

Created

2019-06-03
16h04 +00:00

Modified

2019-06-03
16h04 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:openbsd:libressl:2.7.0:::::::*

Informations

Vendor

openbsd

Product

libressl

Version

2.7.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-35784	2023-06-15 22h00 +00:00	A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.	9.8	Critical
CVE-2021-46880	2023-04-14 00h00 +00:00	x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.	9.8	Critical
CVE-2022-48437	2023-04-12 00h00 +00:00	An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.	5.3	Medium
CVE-2021-41581	2021-09-24 00h12 +00:00	x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.	5.5	Medium
CVE-2018-12434	2018-06-15 02h00 +00:00	LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.	4.7	Medium
CVE-2018-8970	2018-03-24 20h00 +00:00	The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.	7.4	High

OpenBSD LibreSSL 2.7.0

CPE Details

CPE Name: cpe:2.3:a:openbsd:libressl:2.7.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:openbsd:libressl:2.7.0:::::::*