MNBSD-2015-3: OpenSSL multiple vulnerabilities (use-after-free, NULL deref, memory corruption)

Severity: Unknown

Affected Package: openssl

Summary: OpenSSL multiple vulnerabilities (use-after-free, NULL deref, memory corruption)

Description

Multiple OpenSSL vulnerabilities were fixed, including a use-after-free in d2i_ECPrivateKey, an invalid read crash in ASN1_TYPE_cmp, memory corruption via reused ASN.1 structures, a NULL pointer dereference in X509_to_X509_REQ, mishandled PKCS#7 parsing, and an assertion failure reachable via a crafted SSLv2 CLIENT-MASTER-KEY message. These allow denial of service and potentially memory corruption.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293

Published: March 19, 2015
Last Modified: March 19, 2015