OpenSSL -- integer conversions result in memory corruption

2012-04-19T00:00:00
ID 7184F92E-8BB8-11E1-8D7B-003067B2972C
Type freebsd
Reporter FreeBSD
Modified 2012-04-19T00:00:00

Description

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
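
The title attributes the memory corruption to integer conversions made while reading DER. The following C function is an added example, not OpenSSL code and not part of the advisory: a defensive pre-check an application can run on untrusted DER it has already read into a bounded buffer, decoding the outer length in size_t and rejecting it before any parser sees it. The function name, the 1 MiB cap and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Policy cap for one DER object: an assumption of this example, not an OpenSSL constant. */
#define DER_MAX_CONTENT ((size_t)1 << 20)

/* Constructed sample inputs. */
const unsigned char ok_short[]    = {0x30, 0x03, 0x02, 0x01, 0x05};
const unsigned char ok_long[131]  = {0x30, 0x81, 0x80};   /* 128 zero content bytes */
const unsigned char huge_len[]    = {0x30, 0x84, 0xff, 0xff, 0xff, 0xff};
const unsigned char truncated[]   = {0x30, 0x82, 0x01, 0x00};
const unsigned char indefinite[]  = {0x30, 0x80, 0x00, 0x00};
const unsigned char non_minimal[] = {0x30, 0x81, 0x03, 0x02, 0x01, 0x05};

/* Return header+content size of the outer DER object, or 0 if it is rejected.
 * Every length stays in size_t and is compared before it is added to anything. */
size_t der_checked_total(const unsigned char *buf, size_t avail)
{
    size_t pos = 0, len = 0, n;

    if (buf == NULL || avail < 2)
        return 0;
    if ((buf[pos++] & 0x1f) == 0x1f)          /* multi-byte tags: out of scope here */
        return 0;
    if (buf[pos] < 0x80) {                    /* short form: one length octet */
        len = buf[pos++];
    } else {
        n = buf[pos++] & 0x7f;                /* long form: n length octets follow */
        if (n == 0 || n > 4 || n > avail - pos)
            return 0;                         /* indefinite, too wide, or truncated */
        if (buf[pos] == 0)
            return 0;                         /* leading zero: not minimal, not DER */
        while (n--)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)
            return 0;                         /* should have used the short form */
    }
    if (len > DER_MAX_CONTENT || len > avail - pos)
        return 0;                             /* over policy cap or past the buffer */
    return pos + len;
}

int main(void)
{
    printf("ok_short  -> %zu\n", der_checked_total(ok_short, sizeof ok_short));
    printf("huge_len  -> %zu\n", der_checked_total(huge_len, sizeof huge_len));
    printf("truncated -> %zu\n", der_checked_total(truncated, sizeof truncated));
    return 0;
}
```

A check like this limits what reaches the parser; it does not replace updating to a fixed OpenSSL release.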