Missing X509_free() after SSL_get_peer_certificate().
The X509 object must be explicitly freed using X509_free().
Suggested description of the vulnerability for use in the CVE
Privacy leakage vulnerability in cyassl_connect_step2() function in Samsung Electronics TizenRT latest version (and earlier) due to missing X509_free() after SSL_get_peer_certificate().
Affected components
affected source code file: external/curl/vtls/cyassl.c
Attack vector(s)
Missing X509_free() after SSL_get_peer_certificate().
The X509 object must be explicitly freed using X509_free().
Discoverer(s)/Credits
UVScan
Reference(s)
https://www.openssl.org/docs/man1.1.1/man3/SSL_get_peer_certificate.html
TizenRT/external/curl/vtls/cyassl.c
Line 545 in f8f776d
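The ownership rule behind this report, as an added example that is not part of the original issue and is not TizenRT, curl or OpenSSL code. The `mock_*` types and functions and the `check_peer_*` callers are hypothetical stand-ins that model the extra reference `SSL_get_peer_certificate()` hands to its caller, so the effect of omitting `X509_free()` can be counted without linking a TLS library.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins modelling the ownership rule; not real OpenSSL/TizenRT code. */
typedef struct { int refs; const char *subject; } mock_x509;
typedef struct { mock_x509 *peer; } mock_ssl;
static int live_certs = 0;          /* certificates allocated and not yet destroyed */

static mock_ssl *mock_ssl_new(const char *subject) {
    mock_ssl *s = malloc(sizeof *s);
    mock_x509 *c = malloc(sizeof *c);
    if (!s || !c) abort();
    c->refs = 1;                    /* the session's own reference */
    c->subject = subject;
    s->peer = c;
    live_certs++;
    return s;
}
/* Models X509_free(): drop one reference, destroy the object on the last one. */
static void mock_x509_free(mock_x509 *c) {
    if (c && --c->refs == 0) { free(c); live_certs--; }
}
/* Models SSL_get_peer_certificate(): reference count + 1, owned by the caller. */
static mock_x509 *mock_get_peer_certificate(mock_ssl *s) {
    if (s->peer) s->peer->refs++;
    return s->peer;
}
/* Session teardown releases only the session's reference. */
static void mock_ssl_free(mock_ssl *s) { mock_x509_free(s->peer); free(s); }

/* Leaky pattern: the caller's reference is never released. */
static int check_peer_leaky(mock_ssl *s, const char *want) {
    mock_x509 *cert = mock_get_peer_certificate(s);
    return (cert && strcmp(cert->subject, want) == 0) ? 0 : -1;
}
/* Fixed pattern: the reference is released on both the match and mismatch paths. */
static int check_peer_fixed(mock_ssl *s, const char *want) {
    mock_x509 *cert = mock_get_peer_certificate(s);
    int rc = (cert && strcmp(cert->subject, want) == 0) ? 0 : -1;
    mock_x509_free(cert);
    return rc;
}
/* Run one check, free the session, return how many certificates outlived it. */
static int leaked_after(int (*check)(mock_ssl *, const char *), const char *want) {
    int before = live_certs;
    mock_ssl *s = mock_ssl_new("CN=example.test");   /* constructed sample subject */
    (void)check(s, want);
    mock_ssl_free(s);
    return live_certs - before;
}
```

With the leaky caller one certificate object survives every connection, including after the session itself is freed, which on a long-running device accumulates until memory is exhausted.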