A vulnerability has been reported in OpenSSL
The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.
A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc) are not affected. In particular the SSL/TLS code of OpenSSL is *not* affected.
S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS *are* affected.
The OpenSSL command line utility is also affected if used to process untrusted data in DER format.
System Access From Remote
Update to version 0.9.8v, 1.0.1a, and 1.0.0i.