CVE-2015-1790

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

🔗 References (106)

• secalert@redhathttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
• secalert@redhathttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• secalert@redhathttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
• secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html