![]() ![]() Fixed in OpenSSL 1.1.1t (git commit) (Affected since 1.1.1).As such, this vulnerability is most likely to only affectĪpplications which have implemented their own functionality for retrieving CRLs Input must already contain an X.400 address as a CRL distribution point, which If the attacker only controls one of these inputs, the other Provide both the certificate chain and CRL, neither of which need to have a In most cases, the attack requires the attacker to X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to passĪrbitrary pointers to a memcmp call, enabling them to read memory contents orĮnact a denial of service. The OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anĪSN1_STRING. This field is subsequently interpreted by The public structure definition for GENERAL_NAME incorrectly specified the type ![]() X.400 addresses were parsed as an ASN1_STRING but
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |