{"id":"CVE-2019-25049","details":"LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).","modified":"2026-04-11T04:02:10.871003Z","published":"2021-07-01T03:15:07.600Z","references":[{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1965.yaml"},{"type":"FIX","url":"https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libressl-portable/portable","events":[{"introduced":"a7568168911492ee1206f5054169f130ac2c0cc9"},{"last_affected":"8910e9d5ca978a34f5ef91845ed5003b8ff19f5b"}],"database_specific":{"versions":[{"introduced":"2.9.1"},{"last_affected":"3.2.1"}]}},{"type":"GIT","repo":"https://github.com/libressl/portable","events":[{"introduced":"0"},{"fixed":"17c88164016df821df2dff4b2b1291291ec4f28a"}]}],"versions":["v2.1.2","v2.1.3","v2.1.4","v2.2.0","v2.2.1","v2.2.2","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1","v2.5.0","v2.5.1","v2.5.2","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.1","v2.8.0","v2.8.1","v2.9.0","v3.0.0","v3.0.1","v3.1.0","v3.2.0","v3.2.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:02:10Z","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["15639898308729927978247378005892811868","76407720821467865174633925356724004625","130156156048970410686116810127046487736","84248831846572352076439490742949939391","267779803265829542691667918525065220225","210452100765747438824006292519864918327","132179612794580766846319612248323244003","239535219939452731868631818101800154990","153811501269921490264180862532013282835","242303426921549527578675504669369538548","18419159934902252177632296374866301352","188191144103931442352891934255782128618","332808576249300172380795322822804514505","270553827716499702466958773130396242437","30291165809836807875117337869816899675","108698066641428372755672646107801044273","298647186799070494271795774822929189071","122558147826555689524620402272928240303","94782551296599679341297896071496059999","7802401407722668597074501627206107632","24830338903469308420758827558518595324","130402100494391250054648755999608333159","253315623147940966158236780713721425434","209761980117150996460856475110077468345"]},"deprecated":false,"source":"https://github.com/libressl/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a","target":{"file":"include/compat/pthread.h"},"signature_type":"Line","id":"CVE-2019-25049-147a6fbc","signature_version":"v1"},{"digest":{"function_hash":"244780377053432012148940938620421719693","length":82},"deprecated":false,"source":"https://github.com/libressl/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a","target":{"function":"pthread_mutex_unlock","file":"include/compat/pthread.h"},"signature_type":"Function","id":"CVE-2019-25049-1c1beeb3","signature_version":"v1"},{"digest":{"function_hash":"244780377053432012148940938620421719693","length":82},"deprecated":false,"source":"https://github.com/libressl/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a","target":{"function":"pthread_mutex_lock","file":"include/compat/pthread.h"},"signature_type":"Function","id":"CVE-2019-25049-7b6002ac","signature_version":"v1"},{"digest":{"function_hash":"61046846630727700975991710224846621072","length":104},"deprecated":false,"source":"https://github.com/libressl/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a","target":{"function":"pthread_mutex_init","file":"include/compat/pthread.h"},"signature_type":"Function","id":"CVE-2019-25049-da853d25","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25049.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}