#VU5893 NULL pointer dereference in OpenSSL
Vulnerability identifier: #VU5893
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
OpenSSL
Server applications /
Encryption software
Vendor: OpenSSL Software Foundation
Description
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error when parsing ASN.1 CHOICE type within CMS structures in OpenSSL. A remote attacker can send a specially crafted request to vulnerable service and initiate the NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings.
Successful exploitation may result in denial of service (DoS) attack.
Mitigation
OpenSSL 1.1.0 users should upgrade to 1.1.0c
This issue does not affect OpenSSL versions prior to 1.1.0
Vulnerable software versions
OpenSSL: 1.1.0 - 1.1.0b
External links
http://www.openssl.org/news/secadv/20161110.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
