Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability

Apache's mod_ssl is prone to an off-by-one buffer-overflow condition.

The vulnerability arising in the mod_ssl CRL verification callback allows for potential memory corruption when a malicious CRL is handled.

An attacker may exploit this issue to trigger a denial-of-service condition. Presumably, arbitrary code execution may be possible as well.