oss-sec mailing list archives
Re: CVE request: openssl: null pointer dereference issue
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 12 Mar 2012 14:09:36 -0600
On 03/12/2012 11:39 AM, Tomas Hoger wrote:
Note that additional similar issue in mime_param_cmp was fixed in 0.9.8u and 1.0.0h as: http://cvs.openssl.org/chngview?cn=22252 This can also be triggered by malformed S/MIME message. The above commit also corrects an issue with the previous mime_hdr_cmp fix that could cause the function to return either "less than" or "greater than" when comparing NULL to non-NULL. There's no known security impact of this change, it seems it could cause verification / decryption to fail when it can succeed. Reported by "bla".
Please use CVE-2012-1165 for this issue. -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request: openssl: null pointer dereference issue Matthias Weckbecker (Feb 27)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 28)
- Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 13)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)