CVE-2021-41581 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Information disclosure |
| Description | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL before version 3.3.5 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2417 | libressl | 3.3.4-1 | 3.3.5-1 | Medium | Fixed |
| References |
|---|
https://github.com/libressl-portable/openbsd/issues/126 https://github.com/libressl-portable/openbsd/commit/c45424a9d7ec9390195d651ab9344bc8ecba3401 |