
oss-sec mailing list archives
Re: CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access
From: "Dr. Christopher Kunz" <info () christopher-kunz de>
Date: Wed, 23 Oct 2024 11:10:28 +0200
On 16.10.24 at 19:08, Tomas Mraz wrote:
> OpenSSL Security Advisory [16th October 2024]
> =============================================
>
> Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143)
> ==============================================================================
>
> Severity: Low

Good morning everyone,

while OpenSSL rates this issue as "low severity", SuSE assesses it as "moderate", with a CVSS 3.1 of 7.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).

I'm curious about these two quite different assessments. Could OpenSSL and SuSE maybe elaborate a little?

Thanks,
--cku