- Reported
-
- Issued
-
- Package
-
openssl-src
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- Details
-
https://www.openssl.org/news/secadv/20230207.txt
- Patched
-
- Unaffected
-
Description
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7()
, d2i_PKCS7_bio()
or d2i_PKCS7_fp()
functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.