U-123: OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service

March 13, 2012 - 4:38am

PROBLEM:

OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service

PLATFORM:

OpenSSL versions prior to 0.9.8u and 1.0.0h

ABSTRACT:

A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026787
CVE-2012-1165

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can send specially crafted S/MIME headers to trigger a null pointer dereference in the ASN.1 parser and cause the target application using OpenSSL to crash. The vulnerability resides in the mime_param_cmp() function.

Impact:

A remote user can cause the application using OpenSSL to crash.

Solution:

The vendor has issued a fix (0.9.8u, 1.0.0h).
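
To check hosts against the fixed releases named above, the following added example (not part of the original bulletin or of OpenSSL) classifies the output of `openssl version`. The sample version lines are constructed, and treating branches newer than 1.0.0 as not affected is an assumption based on the bulletin's "prior to" wording.

```python
import re

# Fixed releases named in this bulletin, keyed by release branch.
FIXED = {(0, 9, 8): "u", (1, 0, 0): "h"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_key(letter):
    # OpenSSL patch letters run a..z and then za, zb, ...; ordering by
    # (length, text) keeps "za" after "u". A missing letter sorts first.
    return (len(letter), letter)


def parse_openssl_version(text):
    """Return ((major, minor, fix), letter) from `openssl version` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def is_affected(text):
    """True if the reported version is prior to 0.9.8u / 1.0.0h."""
    branch, letter = parse_openssl_version(text)
    if branch in FIXED:
        return _letter_key(letter) < _letter_key(FIXED[branch])
    # Assumption: branches older than 1.0.0 without a listed fix count as
    # "prior to" the fixed releases; newer branches are not prior to 1.0.0h.
    return branch < (1, 0, 0)


if __name__ == "__main__":
    # Constructed sample lines in the format `openssl version` prints.
    samples = [
        "OpenSSL 0.9.8t 18 Jan 2012",
        "OpenSSL 0.9.8u 12 Mar 2012",
        "OpenSSL 1.0.0g 18 Jan 2012",
        "OpenSSL 1.0.0h 12 Mar 2012",
        "OpenSSL 1.0.0-beta3",
    ]
    for line in samples:
        print("%-30s %s" % (line, "AFFECTED" if is_affected(line) else "ok"))
```

Distribution packages often backport fixes without changing the upstream version string, so an "AFFECTED" result on a vendor build should be confirmed against the vendor's own advisory for CVE-2012-1165.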