LibreSSL suffers from memory leak and buffer overflow vulnerability

Spread the love

Qualys security researchers have found two vulnerabilities in LibreSSL. The open source implementation of the SSL protocol suffers from a memory leak and a buffer overflow vulnerability in a function. In OpenBSD they are probably not exploitable.

Qualys was looking for remote code execution capabilities through recently discovered OpenSmtpd vulnerabilities, the company writes. OpenSmtpd is an smtp daemon developed by the OpenBSD team with high security and good performance as its main goals.

Remote code execution capabilities were not found, but when searching for them, the company did find a memory leak in LibreSSL’s OBJ_obj2txt() function. This open source implementation of the SSL protocol uses OpenSmtpd. Using the vulnerabilities, attackers can crash systems and potentially execute code.

The vulnerabilities are in all versions of LibreSSL. The developers are working on a solution. OpenSSL is not affected and the vulnerabilities are unlikely to be exploited in OpenBSD, the discoverers write. LibreSSL is a fork of OpenSSL, which was created after the Heartbleed bug revealed a serious vulnerability in OpenSSL’s code. For example, in addition to OpenBSD, OpenELEC uses LibreSSL.

You might also like
Exit mobile version