CVE-2019-25048
First published: Thu Jul 01 2021(Updated: )
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openbsd Libressl | >=2.9.1<=3.2.1 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-25048?
CVE-2019-25048 is a vulnerability in LibreSSL versions 2.9.1 through 3.2.1 that allows for a heap-based buffer over-read.
How does CVE-2019-25048 affect OpenBSD LibreSSL?
CVE-2019-25048 affects OpenBSD LibreSSL versions 2.9.1 through 3.2.1.
What is the severity of CVE-2019-25048?
CVE-2019-25048 has a severity rating of 7.1 (high).
How can I fix CVE-2019-25048?
To fix CVE-2019-25048, update to a version of LibreSSL that is later than 3.2.1.
Where can I find more information about CVE-2019-25048?
More information about CVE-2019-25048 can be found at the following references: [Reference 1](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914), [Reference 2](https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml), [Reference 3](https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a).
- collector/nvd-index
- vendor/openbsd
- canonical/openbsd libressl
- version/openbsd libressl/2.9.1
- version/openbsd libressl/3.2.1
- vendor/linux
- canonical/linux linux kernel