CVSS v2 Base Score
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
None - the affected function is used internally in BoKS Manager but only with internally produced trusted data.
Still have questions? We can help. Submit a case to Technical Support.