Vulnerability in OpenSSL (CVE-2011-4577)

ID OPENSSL:CVE-2011-4577
Type openssl
Reporter OpenSSL
Modified 2012-01-04T00:00:00


RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Builds of OpenSSL are only vulnerable if configured with "enable-rfc3779", which is not a default. Reported by Andrew Chi.