LibreSSL suffers from memory leak and buffer overflow vulnerability


Qualys security researchers have found two vulnerabilities in LibreSSL. The open source implementation of the SSL protocol suffers from a memory leak and a buffer overflow vulnerability in a function. In OpenBSD they are probably not exploitable.

Qualys was investigating whether recently discovered OpenSMTPD vulnerabilities could be used for remote code execution, the company writes. OpenSMTPD is an SMTP daemon developed by the OpenBSD team with high security and good performance as its main goals.

No remote code execution was found, but during the search the company did find a memory leak in LibreSSL's OBJ_obj2txt() function. OpenSMTPD uses this open source implementation of the SSL protocol. Using the vulnerabilities, attackers can crash systems and potentially execute code.

The vulnerabilities are in all versions of LibreSSL. The developers are working on a fix. OpenSSL is not affected, and the vulnerabilities are unlikely to be exploitable in OpenBSD, the discoverers write. LibreSSL is a fork of OpenSSL that was created after the Heartbleed bug revealed a serious vulnerability in OpenSSL's code. In addition to OpenBSD, OpenELEC, for example, uses LibreSSL.
