Date: Mon, 12 Mar 2012 18:39:26 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: openssl: null pointer dereference issue
On Mon, 27 Feb 2012 15:42:44 +0100 Matthias Weckbecker wrote:
> bad S/MIME messages with crafted MIME headers can result in a NULL
> pointer dereference in openssl's asn1 parser,
>
> https://bugzilla.novell.com/show_bug.cgi?id=748738
> http://www.mail-archive.com/openssl-dev@...nssl.org/msg30305.html
> http://cvs.openssl.org/chngview?cn=22144

Note that an additional similar issue in mime_param_cmp was fixed in
0.9.8u and 1.0.0h as:

http://cvs.openssl.org/chngview?cn=22252

This can also be triggered by a malformed S/MIME message.

The above commit also corrects an issue with the previous mime_hdr_cmp
fix that could cause the function to return either "less than" or
"greater than" when comparing NULL to non-NULL. There's no known
security impact of this change; it seems it could cause verification /
decryption to fail when it can succeed. Reported by "bla".

--
Tomas Hoger / Red Hat Security Response Team
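
The comparator behaviour described in the message above, as an added example that is not part of the original post and is not OpenSSL's code: `struct hdr`, both comparator functions and the sample headers are hypothetical stand-ins. It shows why a NULL check that only prevents the crash can still give an order-dependent answer, and one way to make the comparison consistent.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a parsed MIME header; not OpenSSL's MIME_HEADER. */
struct hdr {
    const char *name;   /* NULL when the header line had no usable name */
    const char *value;
};

/* Avoids strcmp(NULL, ...) but says "less than" for both argument orders. */
static int hdr_cmp_inconsistent(const struct hdr *a, const struct hdr *b)
{
    if (a->name == NULL || b->name == NULL)
        return -1;
    return strcmp(a->name, b->name);
}

/* NULL-safe and antisymmetric: a NULL name sorts before any non-NULL name. */
static int hdr_cmp_consistent(const struct hdr *a, const struct hdr *b)
{
    if (a->name == NULL || b->name == NULL)
        return (a->name != NULL) - (b->name != NULL);
    return strcmp(a->name, b->name);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Returns 1 if cmp(x, y) and cmp(y, x) have opposite signs for every pair. */
static int is_antisymmetric(int (*cmp)(const struct hdr *, const struct hdr *),
                            const struct hdr *h, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (sign(cmp(&h[i], &h[j])) != -sign(cmp(&h[j], &h[i])))
                return 0;
    return 1;
}

/* Constructed sample headers, including one with a missing name. */
static const struct hdr sample[] = {
    { "content-type", "multipart/signed" },
    { NULL, "orphaned value" },
    { "mime-version", "1.0" },
};

int main(void)
{
    return !(is_antisymmetric(hdr_cmp_consistent, sample, 3) &&
             !is_antisymmetric(hdr_cmp_inconsistent, sample, 3));
}
```

A comparator handed to a sort or lookup routine has to satisfy this antisymmetry property, otherwise a lookup for an entry that is present can miss it.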