Description
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
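The affected ranges above can be checked mechanically against the output of `openssl version`. The following is an added example, not part of the original advisory or of OpenSSL; the function names are hypothetical, and it assumes the version string follows upstream OpenSSL numbering (patch letters a..z, then za, zb, and so on).

```python
import re

# Fixed release per branch, taken from the description above.
FIXED = {(0, 9, 8): "zf", (1, 0, 0): "r", (1, 0, 1): "m", (1, 0, 2): "a"}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:dev|pre|beta|alpha)\w*)?")


def parse(version_text):
    """Return ((major, minor, fix), patch_letters, is_prerelease) or None."""
    m = _VERSION.search(version_text)
    if not m:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, m.group(4), m.group(5) is not None


def letters_key(letters):
    # Patch letters run a..z and then za, zb, ...: compare length first,
    # so that "zf" sorts after "y" and "" (the base release) sorts first.
    return (len(letters), letters)


def is_affected(version_text):
    """True/False for a parsable version, None when no version is found."""
    parsed = parse(version_text)
    if parsed is None:
        return None
    branch, letters, prerelease = parsed
    if branch < (0, 9, 8):
        return True   # "before 0.9.8zf" covers every older branch
    if branch not in FIXED:
        return False  # branches outside the ranges listed in the description
    fixed = FIXED[branch]
    if prerelease and letters == fixed:
        # Assumption: a pre-release build of the fixed version predates the fix.
        return True
    return letters_key(letters) < letters_key(fixed)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("OpenSSL 1.0.1k", "OpenSSL 0.9.8zd", "OpenSSL 1.0.2a", "1.0.2-beta3"):
        print(sample, "->", is_affected(sample))
```

A version string alone does not show distribution backports: a vendor package may carry the fix while still reporting an older upstream version, so confirm against the vendor's advisory before treating a `True` result as final.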