logo
DATABASE RESOURCES PRICING ABOUT US

OpenSSL -- integer conversions result in memory corruption

Description

OpenSSL security team reports: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any openssl 1.0.1_1

Related