Description

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.

Remediation

References

CVE-2014-3508

Related Vulnerabilities

WordPress Plugin Login Block IPs Cross-Site Request Forgery (1.0.0)

MySQL CVE-2020-14829 Vulnerability (CVE-2020-14829)

WordPress Cross-Site Scripting Vulnerability (0.70 - 3.7.11)

OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)

Oracle JRE CVE-2013-2443 Vulnerability (CVE-2013-2443)

Severity

Medium

Classification

CVE-2014-3508 CWE-200

Tags

Missing Update Known Vulnerabilities