Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2015-5334

updated 1 month ago by @pyrox0 Activity log

Created automatic suggestion 1 month ago
@pyrox0 removed package netcat 1 month ago
@pyrox0 dismissed 1 month ago

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 …

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

References

http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Oct/75 x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Oct/75 x_refsource_MISC x_transferred
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC x_transferred
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Oct/75 x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Oct/75 x_refsource_MISC x_transferred
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC x_transferred
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_MISC x_transferred

Affected products

LibreSSL

==before 2.3.1

Matching in nixpkgs

pkgs.libressl

Free TLS/SSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

pkgs.libressl_4_0

Free TLS/SSL implementation

pkgs.libressl_4_1

Free TLS/SSL implementation

nixos-unstable 4.1.2
- nixpkgs-unstable 4.1.2
- nixos-unstable-small 4.1.2
nixos-25.11 4.1.2
- nixos-25.11-small 4.1.2
- nixpkgs-25.11-darwin 4.1.2

pkgs.libressl_4_2

Free TLS/SSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

Ignored packages (1)

pkgs.netcat

Utility which reads and writes data across network connections — LibreSSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@thoughtpolice Austin Seipp <aseipp@pobox.com>

Does not apply to nixpkgs