FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

LibreSSL -- Memory leak and buffer overflow

Affected packages
libressl < 2.2.4

Details

VuXML ID e75a96df-73ca-11e5-9b45-b499baebfeaf
Discovery 2015-10-15
Entry 2015-10-16
Modified 2015-10-26

Qualys reports:

During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt() function. This function is called automatically during a TLS handshake (both client-side, unless an anonymous mode is used, and server-side, if client authentication is requested).

References

CVE Name CVE-2015-5333
CVE Name CVE-2015-5334
URL http://marc.info/?l=openbsd-announce&m=144495690528446