Full Disclosure mailing list archives
Re: [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 30 Sep 2003 17:17:17 +0200
On Tue, Sep 30, 2003 at 03:27:50PM +0100, Mark J Cox wrote:
> Who is affected?
> ----------------
>
> All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected. Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Does verifying an RSA signature also count? IIRC the ASN.1 parser is invoked during the process (to check the padding).