crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Vulnerable Product |
---|
novell suse linux enterprise module for web scripting 12.0 |
openssl openssl 1.0.2i |
nodejs node.js |
Recursion (n): See recursion
Sysadmins and devs, fresh from a weekend spoiled by last week's OpenSSL emergency patch, have another emergency patch to install. One of last week's fixes, for CVE-2016-6307, created CVE-2016-6309, a dangling pointer security vulnerability. As the fresh advisory states: “The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received, then the underlying buffer to store the incoming message is reallocated and moved. “Unfortunately a dangl...