PROBLEM:
OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service
PLATFORM:
OpenSSL prior to 0.9.8u, 1.0.0h
ABSTRACT:
A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions.
REFERENCE LINKS:
SecurityTracker Alert ID: 1026787
CVE-2012-1165
IMPACT ASSESSMENT:
Medium
Discussion:
A remote user can send specially crafted S/MIME headers to trigger a null pointer dereference in the ASN.1 parser and cause the target application using OpenSSL to crash. The vulnerability resides in the mime_param_cmp() function.
Impact:
A remote user can cause the application using OpenSSL to crash.
Solution:
The vendor has issued a fix (0.9.8u, 1.0.0h).
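
To triage hosts against the fixed releases named above, the following check (an added example, not part of the original advisory or of OpenSSL) classifies a version string or `openssl version` banner. The function names are hypothetical, the sample banners are constructed, and treating branches older than 0.9.8 as affected is an assumption drawn from the "prior to 0.9.8u" wording.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(0, 9, 8): "u", (1, 0, 0): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letters) from a banner or bare version."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _patch_key(letters):
    # Patch letters order by length, then alphabetically: "" < "a" < "z" < "za".
    return (len(letters), letters)


def affected_by_cve_2012_1165(text):
    """True/False on branches the advisory covers, None where it is silent."""
    branch, letters = parse_openssl_version(text)
    if branch in FIXED:
        return _patch_key(letters) < _patch_key(FIXED[branch])
    if branch < (0, 9, 8):
        # Assumption: "prior to 0.9.8u" also covers older release branches.
        return True
    # Branch not named in the advisory: confirm against vendor release notes.
    return None


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    samples = ["OpenSSL 0.9.8t 18 Jan 2012", "OpenSSL 1.0.0h 12 Mar 2012",
               "0.9.8zh", "1.0.1c"]
    for banner in samples:
        verdict = affected_by_cve_2012_1165(banner)
        label = {True: "AFFECTED", False: "fixed", None: "not covered"}[verdict]
        print(f"{banner:32} {label}")
```

Distribution packages often backport fixes without changing the upstream version letter, so an affected result on a packaged build should be confirmed against the distributor's own advisory.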