Re: [oss-security] CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access

Dr. Christopher Kunz Wed, 23 Oct 2024 08:26:05 -0700

Am 16.10.24 um 19:08 schrieb Tomas Mraz:

OpenSSL Security Advisory [16th October 2024]
=============================================


Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143)
==============================================================================

Severity: Low



Good morning everyone,

while OpenSSL rates this issue as "low severity", SuSE assesses it as"moderate", with a CVSS 3.1 of 7.0(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).

I'm curious about these two quite different assessments. Could OpenSSLand SuSE maybe elaborate a little?


Thanks,

--cku

Re: [oss-security] CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access

Reply via email to