LibreSSL Buffer Overflow Vulnerability (CVE-2015-5334)

LibreSSL Buffer Overflow Vulnerability (CVE-2015-5334)
LibreSSL Buffer Overflow Vulnerability (CVE-2015-5334)

Release date:
Updated on:

Affected Systems:

LibreSSL 2.0.0-2.3.0

Description:

CVE (CAN) ID: CVE-2015-5334

LibreSSL is a branch of the OpenSSL encryption software library and is an open source Implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

The OBJ_obj2txt () function of LibreSSL writes the NULL Terminator out of bounds. A buffer overflow vulnerability exists in implementation. Remote attackers can exploit this vulnerability to execute remote code.

<* Source: LibreSSL

Link: http://www.securityfocus.com/archive/1/536692
*>

Suggestion:

Vendor patch:

LibreSSL
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.libressl.org/

OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)

Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian

OpenSSL "heartbleed" Security Vulnerability

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

LibreSSL details: click here
LibreSSL: click here

This article permanently updates the link address: