Updated: 2024-02-04 19:11:37.401725
Description:
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash, which could lead to a denial-of-service attack. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | openssl | 3.0.7 | 7.5 | HIGH | Already Fixed | | 2023-11-08 08:35:50 |
AlmaLinux 9.2 FIPS | openssl | 3.0.7 | 7.5 | HIGH | Already Fixed | | 2023-11-27 10:09:01 |
Ubuntu 18.04 ELS | openssl | 1.1.1-1 | 7.5 | HIGH | Not Vulnerable | | 2023-11-06 08:34:49 |