logo
DATABASE RESOURCES PRICING ABOUT US

Vulnerability in OpenSSL - Malformed RFC 3779 Data Can Cause Assertion Failures

Description

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Builds of OpenSSL are only vulnerable if configured with "enable-rfc3779", which is not a default. Reported by Andrew Chi. * Fixed in OpenSSL 1.0.0f (Affected since 1.0.0) * Fixed in OpenSSL 0.9.8s (Affected since 0.9.8)


Related