CVE-2017-8301

描述

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

受影響套件(1)

• Alpine/libresslfrom 0, < 2.5.3-r1

CVSS 分數

參考連結(1)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2017-8301