You are here

U-113: OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service

February 29, 2012 - 7:00am

Addthis

PROBLEM:

A vulnerability was reported in OpenSSL.

PLATFORM:

Version(s): 0.9.7i

ABSTRACT:

A remote user can cause denial of service conditions.

reference LINKS:

Vendor Advisory
Security Tracker ID 1026746
CVE-2006-7248

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can send specially crafted S/MIME headers to trigger a null pointer dereference in the ANS.1 parser and cause the target application using OpenSSL to crash.

Impact:

Denial of service via network

Solution:

Fixed in the CVS repository.

Addthis