3 matches found
Vulnerability in OpenSSL - Segmentation fault in ASN1_TYPE_cmp
Segmentation fault in ASN1TYPEcmp. The function ASN1TYPEcmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1TYPEcmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and...
Vulnerability in OpenSSL - OCSP invalid key DoS issue
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. Found by Stephen Henson...
Debian DSA-393-1 : openssl - denial of service
Dr. Stephen Henson , using a test suite provided by NISCC , discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service DoS condition on a system using...