OpenSSL’s ASN.1parser vulnerability
Vulnerability details
A vulnerability in OpenSSL’s ASN.1 parser has been discoverd, which when successfully exploited could lead to disclosure of sensitive information or Denial of Service.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
10/06/2021 |
Initial release |
v2 |
12/08/2021 |
Updating information |
Stormshield Network Security |
CVSS v3.1 Overall Score: 5 
|
Analysis
|
Impacted version
|
The successful exploitation of this vulnerability could allow an attacker to disclosure of sensitive information or cause a denial of service on flowing services: SSL Proxy, SSL VPN, IPSec VPN, Certificate authentication.
|
- SNS 2.0.0 to 2.7.8
- SNS 2.8.0 to 2.16.0
- SNS 3.0.0 to 3.7.20
- SNS 3.8.0 to 3.11.8
- SNS 4.0.0 to 4.2.4
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The vulnerability is fixed in versions:
- 2.7.9
- 3.7.21
- 3.11.9
- 4.2.5
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Changed |
Low |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
Low |
Low |
Low |