Nixpkgs Security Tracker

Permalink CVE-2015-5333

created 1 month ago

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 …

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.

References

http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_CONFIRM
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_transferred x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_transferred x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_refsource_MISC
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-L… x_transferred x_refsource_MISC
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt x_transferred x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html x_transferred x_refsource_MISC

Affected products

LibreSSL

==before 2.3.1

Matching in nixpkgs

pkgs.netcat

Utility which reads and writes data across network connections — LibreSSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

pkgs.libressl

Free TLS/SSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

pkgs.libressl_4_0

Free TLS/SSL implementation

pkgs.libressl_4_1

Free TLS/SSL implementation

nixos-unstable 4.1.2
- nixpkgs-unstable 4.1.2
- nixos-unstable-small 4.1.2
nixos-25.11 4.1.2
- nixos-25.11-small 4.1.2
- nixpkgs-25.11-darwin 4.1.2

pkgs.libressl_4_2

Free TLS/SSL implementation

nixos-unstable 4.2.1
- nixpkgs-unstable 4.2.1
- nixos-unstable-small 4.2.1
nixos-25.11 4.2.1
- nixos-25.11-small 4.2.1
- nixpkgs-25.11-darwin 4.2.1

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@thoughtpolice Austin Seipp <aseipp@pobox.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.netcat

pkgs.libressl

pkgs.libressl_4_0

pkgs.libressl_4_1

pkgs.libressl_4_2

Package maintainers