Description
OpenSSL 0.9.6 and 0.9.7 do not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
Remediation
References
Related Vulnerabilities
PostgreSQL CVE-2023-5868 Vulnerability (CVE-2023-5868)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-0214)
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40596)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0815)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5406)