VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Opsfolio Community
November 1, 2022, 11 months ago
65

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the vulnerabilities has reduced from CRITICAL to HIGH, and OpenSSL 3.0.7 addresses the issues. Description Two buffer overflows have been reported in the OpenSSL 3.0.x branch prior to version 3.0.7 that, when exploited, may lead to denial of services or, in...

Source: https://kb.cert.org/vuls/id/794340

VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Subscribe To Our Newsletter!

Popular Posts

What A Cybersecurity Degree Teach You About Protecting Businesses Against Threats

Steps to creating a healthcare app

Cybersecurity Tips For Freelance Healthcare Workers

How to Create a Secure Healthcare Website?

How to keep your child safe from infections when you are not at home?

POPULAR Media

Ransomware Payouts Are On The Rise

Defense Against Socially Engineered Attacks

Address Ransomware With Multiple Layered Security

Hitrust – Streamlining the Compliance Process