Wind River Support Network


LIN7-4046 : Security Advisory - openssl - CVE-2015-1790

Created: Jun 16, 2015    Updated: Sep 8, 2018
Resolved Date: Jun 24, 2015
Previous ID: LIN4-32784
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. (original advisory). Reported by Michal Zalewski (Google).

Other Downloads


Live chat