ALAS-2012-062 --- openssl
ID: oval:org.secpod.oval:def:1601365 | Date: (C)2020-11-27 (M)2023-12-07 | Class: PATCH | Family: unix
A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages.

A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.
Platform: Amazon Linux AMI