Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <93820967-9c9c-4a21-8611-418d56dfd645@christopher-kunz.de>
Date: Wed, 23 Oct 2024 11:10:28 +0200
From: "Dr. Christopher Kunz" <info@...istopher-kunz.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m)
 parameters lead to OOB memory access

Am 16.10.24 um 19:08 schrieb Tomas Mraz:
> OpenSSL Security Advisory [16th October 2024]
> =============================================
>
> Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143)
> ==============================================================================
>
> Severity: Low


Good morning everyone,

while OpenSSL rates this issue as "low severity", SuSE assesses it as 
"moderate", with a CVSS 3.1 of 7.0 
(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).

I'm curious about these two quite different assessments. Could OpenSSL 
and SuSE maybe elaborate a little?

Thanks,

--cku

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.