Bug 1393930 (CVE-2016-7053) - CVE-2016-7053 openssl: CMS Null dereference vulnerability
Summary: CVE-2016-7053 openssl: CMS Null dereference vulnerability
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-7053
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-10 16:18 UTC by Adam Mariš
Modified: 2021-03-11 14:48 UTC (History)
30 users (show)

Fixed In Version: openssl 1.1.0c
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-10 16:21:43 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2016-11-10 16:18:21 UTC 
Quoting form the OpenSSL upstream advisory:

CMS Null dereference (CVE-2016-7053)
====================================

Severity: Moderate

Applications parsing invalid CMS structures can crash with a NULL pointer
dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type
in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure
callback if an attempt is made to free certain invalid encodings. Only CHOICE
structures using a callback which do not handle NULL value are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0c

This issue does not affect OpenSSL versions prior to 1.1.0

This issue was reported to OpenSSL on 12th October 2016 by Tyler Nighswander of
ForAllSecure. The fix was developed by Stephen Henson of the OpenSSL
development team.

External References:

https://www.openssl.org/news/secadv/20161110.txt
Comment 1 Adam Mariš 2016-11-10 16:18:45 UTC 
Acknowledgments:

Name: the OpenSSL project
Upstream: Tyler Nighswander (ForAllSecure)
Note You need to log in before you can comment on or make changes to this bug.