FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

LibreSSL -- Arbitrary memory read

Affected packages
libressl < 3.5.4
libressl-devel < 3.6.2

Details

VuXML ID 1dd84344-a7da-11ed-86e9-d4c9ef517024
Discovery 2023-02-08
Entry 2023-02-08

The OpenBSD project reports:

A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory.

References

URL https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt