Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7053

Опубликовано: 10 нояб. 2016
Источник: redhat
CVSS3: 5.9
CVSS2: 4.3

Описание

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6opensslNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7opensslNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Linux 7OVMFNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1393930openssl: CMS Null dereference vulnerability

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7053

CVSS3: 7.5
ubuntu
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

nvd логотип

CVE-2016-7053

CVSS3: 7.5
nvd
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

debian логотип

CVE-2016-7053

CVSS3: 7.5
debian
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS struc ...

github логотип

GHSA-hp2v-mmp5-5mcx

CVSS3: 7.5
github
больше 3 лет назад

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

fstec логотип

BDU:2020-02969

CVSS3: 7.5
fstec
почти 9 лет назад

Уязвимость парсера CMS структур библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

5.9 Medium

CVSS3

4.3 Medium

CVSS2