You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We upgraded OpenSSL in the latest Nmap version 7.92 because that version fixes some CVE's. The vulnerabilities don't affect Nmap in a material way, but I still wanted to add this issue to document our (quick) research on these CVE's.
CVE-2021-3450 - Nmap does not set the X509_V_FLAG_X509_STRICT flag, so this vulnerability is not applicable.
CVE-2021-3449 - This issue affects ncat in listen mode with SSL enabled (ncat.exe -l --ssl). Nmap is not affected.
CVE-2021-23841 - Nmap does not use the X509_issuer_and_serial_hash function, so this vulnerability is not applicable.
CVE-2021-23840 - This vulnerability may affect certain NSE scripts and Nping in echo server or echo client mode. Ncat and all non-NSE Nmap features are unaffected. It would be a crash at worst.
CVE-2020-1971 - Nmap does not do CRL verification, nor does any Nmap code call GENERAL_NAME_cmp or any TS_RESP_* API functions, so Nmap is unaffected.
The text was updated successfully, but these errors were encountered:
We upgraded OpenSSL in the latest Nmap version 7.92 because that version fixes some CVE's. The vulnerabilities don't affect Nmap in a material way, but I still wanted to add this issue to document our (quick) research on these CVE's.
The text was updated successfully, but these errors were encountered: