The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | * | 0.9.8t (including) |
| Openssl | Openssl | 0.9.1c (including) | 0.9.1c (including) |
| Openssl | Openssl | 0.9.2b (including) | 0.9.2b (including) |
| Openssl | Openssl | 0.9.3 (including) | 0.9.3 (including) |
| Openssl | Openssl | 0.9.3a (including) | 0.9.3a (including) |
| Openssl | Openssl | 0.9.4 (including) | 0.9.4 (including) |
| Openssl | Openssl | 0.9.5 (including) | 0.9.5 (including) |
| Openssl | Openssl | 0.9.5-beta1 (including) | 0.9.5-beta1 (including) |
| Openssl | Openssl | 0.9.5-beta2 (including) | 0.9.5-beta2 (including) |
| Openssl | Openssl | 0.9.5a (including) | 0.9.5a (including) |
| Openssl | Openssl | 0.9.5a-beta1 (including) | 0.9.5a-beta1 (including) |
| Openssl | Openssl | 0.9.5a-beta2 (including) | 0.9.5a-beta2 (including) |
| Openssl | Openssl | 0.9.6 (including) | 0.9.6 (including) |
| Openssl | Openssl | 0.9.6-beta1 (including) | 0.9.6-beta1 (including) |
| Openssl | Openssl | 0.9.6-beta2 (including) | 0.9.6-beta2 (including) |
| Openssl | Openssl | 0.9.6-beta3 (including) | 0.9.6-beta3 (including) |
| Openssl | Openssl | 0.9.6a (including) | 0.9.6a (including) |
| Openssl | Openssl | 0.9.6a-beta1 (including) | 0.9.6a-beta1 (including) |
| Openssl | Openssl | 0.9.6a-beta2 (including) | 0.9.6a-beta2 (including) |
| Openssl | Openssl | 0.9.6a-beta3 (including) | 0.9.6a-beta3 (including) |
| Openssl | Openssl | 0.9.6b (including) | 0.9.6b (including) |
| Openssl | Openssl | 0.9.6c (including) | 0.9.6c (including) |
| Openssl | Openssl | 0.9.6d (including) | 0.9.6d (including) |
| Openssl | Openssl | 0.9.6e (including) | 0.9.6e (including) |
| Openssl | Openssl | 0.9.6f (including) | 0.9.6f (including) |
| Openssl | Openssl | 0.9.6g (including) | 0.9.6g (including) |
| Openssl | Openssl | 0.9.6h (including) | 0.9.6h (including) |
| Openssl | Openssl | 0.9.6i (including) | 0.9.6i (including) |
| Openssl | Openssl | 0.9.6j (including) | 0.9.6j (including) |
| Openssl | Openssl | 0.9.6k (including) | 0.9.6k (including) |
| Openssl | Openssl | 0.9.6l (including) | 0.9.6l (including) |
| Openssl | Openssl | 0.9.6m (including) | 0.9.6m (including) |
| Openssl | Openssl | 0.9.7 (including) | 0.9.7 (including) |
| Openssl | Openssl | 0.9.7-beta1 (including) | 0.9.7-beta1 (including) |
| Openssl | Openssl | 0.9.7-beta2 (including) | 0.9.7-beta2 (including) |
| Openssl | Openssl | 0.9.7-beta3 (including) | 0.9.7-beta3 (including) |
| Openssl | Openssl | 0.9.7-beta4 (including) | 0.9.7-beta4 (including) |
| Openssl | Openssl | 0.9.7-beta5 (including) | 0.9.7-beta5 (including) |
| Openssl | Openssl | 0.9.7-beta6 (including) | 0.9.7-beta6 (including) |
| Openssl | Openssl | 0.9.7a (including) | 0.9.7a (including) |
| Openssl | Openssl | 0.9.7b (including) | 0.9.7b (including) |
| Openssl | Openssl | 0.9.7c (including) | 0.9.7c (including) |
| Openssl | Openssl | 0.9.7d (including) | 0.9.7d (including) |
| Openssl | Openssl | 0.9.7e (including) | 0.9.7e (including) |
| Openssl | Openssl | 0.9.7f (including) | 0.9.7f (including) |
| Openssl | Openssl | 0.9.7g (including) | 0.9.7g (including) |
| Openssl | Openssl | 0.9.7h (including) | 0.9.7h (including) |
| Openssl | Openssl | 0.9.7i (including) | 0.9.7i (including) |
| Openssl | Openssl | 0.9.7j (including) | 0.9.7j (including) |
| Openssl | Openssl | 0.9.7k (including) | 0.9.7k (including) |
| Openssl | Openssl | 0.9.7l (including) | 0.9.7l (including) |
| Openssl | Openssl | 0.9.7m (including) | 0.9.7m (including) |
| Openssl | Openssl | 0.9.8 (including) | 0.9.8 (including) |
| Openssl | Openssl | 0.9.8a (including) | 0.9.8a (including) |
| Openssl | Openssl | 0.9.8b (including) | 0.9.8b (including) |
| Openssl | Openssl | 0.9.8c (including) | 0.9.8c (including) |
| Openssl | Openssl | 0.9.8d (including) | 0.9.8d (including) |
| Openssl | Openssl | 0.9.8e (including) | 0.9.8e (including) |
| Openssl | Openssl | 0.9.8f (including) | 0.9.8f (including) |
| Openssl | Openssl | 0.9.8g (including) | 0.9.8g (including) |
| Openssl | Openssl | 0.9.8h (including) | 0.9.8h (including) |
| Openssl | Openssl | 0.9.8i (including) | 0.9.8i (including) |
| Openssl | Openssl | 0.9.8j (including) | 0.9.8j (including) |
| Openssl | Openssl | 0.9.8k (including) | 0.9.8k (including) |
| Openssl | Openssl | 0.9.8l (including) | 0.9.8l (including) |
| Openssl | Openssl | 0.9.8m (including) | 0.9.8m (including) |
| Openssl | Openssl | 0.9.8m-beta1 (including) | 0.9.8m-beta1 (including) |
| Openssl | Openssl | 0.9.8n (including) | 0.9.8n (including) |
| Openssl | Openssl | 0.9.8o (including) | 0.9.8o (including) |
| Openssl | Openssl | 0.9.8p (including) | 0.9.8p (including) |
| Openssl | Openssl | 0.9.8q (including) | 0.9.8q (including) |
| Openssl | Openssl | 0.9.8r (including) | 0.9.8r (including) |
| Openssl | Openssl | 0.9.8s (including) | 0.9.8s (including) |
| Red Hat Enterprise Linux 5 | RedHat | openssl-0:0.9.8e-12.el5 | * |
| Openssl | Ubuntu | lucid | * |
| Openssl | Ubuntu | maverick | * |
| Openssl | Ubuntu | natty | * |
| Openssl | Ubuntu | oneiric | * |
| Openssl | Ubuntu | upstream | * |
| Openssl098 | Ubuntu | devel | * |
| Openssl098 | Ubuntu | oneiric | * |
| Openssl098 | Ubuntu | upstream | * |
References
- http://cvs.openssl.org/chngview?cn=22144
- http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2
- http://marc.info/?l=openssl-dev\u0026m=115685408414194\u0026w=2
- http://secunia.com/advisories/36533
- http://secunia.com/advisories/48153
- http://secunia.com/advisories/48516
- http://secunia.com/advisories/48899
- http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html
- http://www.openwall.com/lists/oss-security/2012/02/27/10
- http://www.openwall.com/lists/oss-security/2012/02/28/14
- http://www.redhat.com/support/errata/RHSA-2009-1335.html
- http://www.securityfocus.com/bid/52181
- http://www.ubuntu.com/usn/USN-1424-1
- https://bugzilla.novell.com/show_bug.cgi?id=748738
- https://bugzilla.redhat.com/show_bug.cgi?id=798100
- http://cvs.openssl.org/chngview?cn=22144
- http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2
- http://marc.info/?l=openssl-dev\u0026m=115685408414194\u0026w=2
- http://secunia.com/advisories/36533
- http://secunia.com/advisories/48153
- http://secunia.com/advisories/48516
- http://secunia.com/advisories/48899
- http://www.mail-archive.com/openssl-dev%40openssl.org/msg30305.html
- http://www.openwall.com/lists/oss-security/2012/02/27/10
- http://www.openwall.com/lists/oss-security/2012/02/28/14
- http://www.redhat.com/support/errata/RHSA-2009-1335.html
- http://www.securityfocus.com/bid/52181
- http://www.ubuntu.com/usn/USN-1424-1
- https://bugzilla.novell.com/show_bug.cgi?id=748738
- https://bugzilla.redhat.com/show_bug.cgi?id=798100