oss-sec mailing list archives
Re: CVE request: openssl: null pointer dereference issue
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Feb 2012 10:17:20 -0700
On 02/27/2012 07:42 AM, Matthias Weckbecker wrote:
Hi Kurt, Steve, vendors, bad S/MIME messages with crafted MIME headers can result in a NULL pointer dereference in openssl's ans1 parser, https://bugzilla.novell.com/show_bug.cgi?id=748738 http://www.mail-archive.com/openssl-dev () openssl org/msg30305.html http://cvs.openssl.org/chngview?cn=22144 Does it qualify for a CVE? Thanks, Matthias
Ok did some more research and here's what we got: First mention of this bug is in 2006: http://marc.info/?l=openssl-dev&m=115685408414194&w=2 So please use CVE-2006-7248 for this issue. -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request: openssl: null pointer dereference issue Matthias Weckbecker (Feb 27)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 28)
- Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
- Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 13)
- Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)