Wind River Support Network


LIN5-20554 : Security Advisory - openssl - CVE-2015-1790

Created: Jun 16, 2015    Updated: Dec 19, 2017
Resolved Date: Jun 24, 2015
Previous ID: LIN4-32785
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace


The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. (original advisory). Reported by Michal Zalewski (Google).

Other Downloads

Live chat