OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability

OpenSSL is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library.

Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. NOTE: Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.


Privacy Statement
Copyright 2010, SecurityFocus