Vigil@nce - OpenSSL: NULL pointer dereference via X509_to_X509_REQ
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in
X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of
service.
Impacted products: Cisco ACE, Cisco IP Phone, Cisco Wireless IP
Phone, Debian, Fedora, FreeBSD, OpenBSD, OpenSSL, openSUSE, RHEL,
SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform)
Severity: 2/4
Creation date: 09/03/2015
DESCRIPTION OF THE VULNERABILITY
The OpenSSL product processes X.509 certificates.
However, the X509_to_X509_REQ() function does not check if a
pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced
in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-NULL-pointer-dereference-via-X509-to-X509-REQ-16342