The host is installed with OpenSSL 1.1.0 before 1.1.0c and is prone to a CMS null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle ASN.1 CHOICE type. Successful exploitation allows remote attackers to result in a NULL value being passed to the structure callback to free certain invalid encodings.