The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
2014-08-13T23:55:07.497
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | 0.9.8 | Yes |
| Application | openssl | openssl | 0.9.8a | Yes |
| Application | openssl | openssl | 0.9.8b | Yes |
| Application | openssl | openssl | 0.9.8c | Yes |
| Application | openssl | openssl | 0.9.8d | Yes |
| Application | openssl | openssl | 0.9.8e | Yes |
| Application | openssl | openssl | 0.9.8f | Yes |
| Application | openssl | openssl | 0.9.8g | Yes |
| Application | openssl | openssl | 0.9.8h | Yes |
| Application | openssl | openssl | 0.9.8i | Yes |
| Application | openssl | openssl | 0.9.8j | Yes |
| Application | openssl | openssl | 0.9.8k | Yes |
| Application | openssl | openssl | 0.9.8l | Yes |
| Application | openssl | openssl | 0.9.8m | Yes |
| Application | openssl | openssl | 0.9.8m | Yes |
| Application | openssl | openssl | 0.9.8n | Yes |
| Application | openssl | openssl | 0.9.8o | Yes |
| Application | openssl | openssl | 0.9.8p | Yes |
| Application | openssl | openssl | 0.9.8q | Yes |
| Application | openssl | openssl | 0.9.8r | Yes |
| Application | openssl | openssl | 0.9.8s | Yes |
| Application | openssl | openssl | 0.9.8t | Yes |
| Application | openssl | openssl | 0.9.8u | Yes |
| Application | openssl | openssl | 0.9.8v | Yes |
| Application | openssl | openssl | 0.9.8w | Yes |
| Application | openssl | openssl | 0.9.8x | Yes |
| Application | openssl | openssl | 0.9.8y | Yes |
| Application | openssl | openssl | 0.9.8za | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0 | Yes |
| Application | openssl | openssl | 1.0.0a | Yes |
| Application | openssl | openssl | 1.0.0b | Yes |
| Application | openssl | openssl | 1.0.0c | Yes |
| Application | openssl | openssl | 1.0.0d | Yes |
| Application | openssl | openssl | 1.0.0e | Yes |
| Application | openssl | openssl | 1.0.0f | Yes |
| Application | openssl | openssl | 1.0.0g | Yes |
| Application | openssl | openssl | 1.0.0h | Yes |
| Application | openssl | openssl | 1.0.0i | Yes |
| Application | openssl | openssl | 1.0.0j | Yes |
| Application | openssl | openssl | 1.0.0k | Yes |
| Application | openssl | openssl | 1.0.0l | Yes |
| Application | openssl | openssl | 1.0.0m | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1a | Yes |
| Application | openssl | openssl | 1.0.1b | Yes |
| Application | openssl | openssl | 1.0.1c | Yes |
| Application | openssl | openssl | 1.0.1d | Yes |
| Application | openssl | openssl | 1.0.1e | Yes |
| Application | openssl | openssl | 1.0.1f | Yes |
| Application | openssl | openssl | 1.0.1g | Yes |
| Application | openssl | openssl | 1.0.1h | Yes |