Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: openssl: null pointer dereference issue
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 12 Mar 2012 18:39:26 +0100

On Mon, 27 Feb 2012 15:42:44 +0100 Matthias Weckbecker wrote:

bad S/MIME messages with crafted MIME headers can result in a NULL
pointer dereference in openssl's ans1 parser,

 http://www.mail-archive.com/openssl-dev () openssl org/msg30305.html

Note that additional similar issue in mime_param_cmp was fixed in
0.9.8u and 1.0.0h as:

This can also be triggered by malformed S/MIME message.

The above commit also corrects an issue with the previous mime_hdr_cmp
fix that could cause the function to return either "less than" or
"greater than" when comparing NULL to non-NULL.  There's no known
security impact of this change, it seems it could cause verification /
decryption to fail when it can succeed. Reported by "bla".

Tomas Hoger / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]