Wind River Support Network

HomeDefectsLIN5-20554
Fixed

LIN5-20554 : Security Advisory - openssl - CVE-2015-1790

Created: Jun 16, 2015    Updated: Dec 19, 2017
Resolved Date: Jun 24, 2015
Previous ID: LIN4-32785
Found In Version: 5.0.1.26
Fix Version: 5.0.1.28
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. (original advisory). Reported by Michal Zalewski (Google). 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790

Other Downloads


Live chat
Online