CVE-2015-5334
CRITICAL
9.8
Our Analysis: General Purpose
Our model has classified this vulnerability as relevant to General Purpose Systems, helping your team prioritize efforts effectively.
Published Date
January 23, 2020
Last Modified
November 21, 2024
CVSS Vector
Not Available
Description
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.