OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

ID: IRCAD2012041866
Release Date: 2012-04-19
Criticality level: Highly critical
Software:
OpenSSL 0.x
OpenSSL 1.x
Description:
Tavis Ormandy has reported a vulnerability in OpenSSL which malicious people can exploit to potentially compromise an application using the library.
The vulnerability is caused by a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code, but may require the target to be running on a 64-bit system.
NOTE: Applications that use PEM-only routines are not affected.
The vulnerability is reported in versions prior to 0.9.8v, 1.0.1a, and 1.0.0i.
Solution:
Update to version 0.9.8v, 1.0.1a, or 1.0.0i (the fixed release on the branch in use).
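A version check against the fixed releases named in this advisory, added here as an example and not part of the original advisory; it parses the banner printed by `openssl version` (the sample banners below are constructed) and reports whether the 0.9.8, 1.0.0 or 1.0.1 branch is still before its fixed letter release.

```python
import re
import subprocess

# Fixed releases per this advisory; earlier lettered releases on each
# branch are reported as affected.
FIXED = {
    (0, 9, 8): "v",
    (1, 0, 0): "i",
    (1, 0, 1): "a",
}

# Matches "1.0.0h" inside a banner such as "OpenSSL 1.0.0h 12 Mar 2012".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Return ((major, minor, fix), letter) from an OpenSSL version banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def _letter_key(letter):
    # OpenSSL patch letters order '' < 'a' < ... < 'z' < 'za' < 'zb' ...:
    # compare by length first so a two-letter suffix sorts after one letter.
    return (len(letter), letter)


def is_affected(banner):
    """True if before the fixed release on its branch, False if at or after it,
    None if the branch is not covered by this advisory."""
    branch, letter = parse_version(banner)
    if branch not in FIXED:
        return None
    return _letter_key(letter) < _letter_key(FIXED[branch])


if __name__ == "__main__":
    # Constructed sample banners, then the locally installed library if present.
    for sample in ("OpenSSL 1.0.0h 12 Mar 2012", "OpenSSL 1.0.1a 19 Apr 2012"):
        print(sample, "->", is_affected(sample))
    try:
        local = subprocess.check_output(["openssl", "version"]).decode()
        print(local.strip(), "->", is_affected(local))
    except (OSError, subprocess.CalledProcessError):
        print("openssl binary not available")
```

A match only says the library build predates the fix, not whether the application reaches the DER BIO path; the advisory's note that PEM-only applications are unaffected still applies.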
References:
OpenSSL:
Secunia:
Created: 1 Ordibehesht 1391