Skip to main content

NULL Pointer Dereference

CVE-2015-0289

Severity Medium
Score 5/10

Summary

The PKCS#7 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to "crypto/pkcs7/pk7_doit.c" and "crypto/pkcs7/pk7_lib.c".

  • LOW
  • NETWORK
  • NONE
  • NONE
  • NONE
  • PARTIAL

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published