mailing list archives
Re: CVE request: openssl: null pointer dereference issue
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Feb 2012 15:36:28 -0700
On 02/27/2012 10:17 AM, Kurt Seifried wrote:
On 02/27/2012 07:42 AM, Matthias Weckbecker wrote:
Hi Kurt, Steve, vendors,
bad S/MIME messages with crafted MIME headers can result in a NULL pointer
dereference in openssl's ans1 parser,
http://www.mail-archive.com/openssl-dev () openssl org/msg30305.html
Does it qualify for a CVE?
Ok did some more research and here's what we got:
First mention of this bug is in 2006:
So please use CVE-2006-7248 for this issue.
Due to the Novell/kadu miss-paste this CVE needs to be re-issued. Please
use CVE-2006-7250 for this OpenSSL issue.
Kurt Seifried Red Hat Security Response Team (SRT)