lua-openssl_project/lua-openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test
lua-openssl_project/lua-openssl Vulnerability Summary
- Vendor name: lua-openssl_project
- Product name: lua-openssl
- Total vulnerabilities: 3 (as 2023-05-04)
lua-openssl_project/lua-openssl Vulnerability List
CVE-2020-9433: openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because…
Published: 2020-02-27T23:15:00 Last Modified: 2020-02-28T16:32:00
Summary
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-9433 vulnerability.
References
See also: All popular products CVE Vulnerabilities of lua-openssl_project
CVE-2020-9432: openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it…
Published: 2020-02-27T23:15:00 Last Modified: 2020-02-28T16:32:00
Summary
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-9432 vulnerability.
References
See also: All popular products CVE Vulnerabilities of lua-openssl_project
CVE-2020-9434: openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because…
Published: 2020-02-27T23:15:00 Last Modified: 2020-02-28T16:26:00
Summary
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-9434 vulnerability.
References
See also: All popular products CVE Vulnerabilities of lua-openssl_project