The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
The product reads data past the end, or before the beginning, of the intended buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | 1.0.1 (including) | 1.0.1 (including) |
Openssl | Openssl | 1.0.1-beta1 (including) | 1.0.1-beta1 (including) |
Openssl | Openssl | 1.0.1-beta2 (including) | 1.0.1-beta2 (including) |
Openssl | Openssl | 1.0.1-beta3 (including) | 1.0.1-beta3 (including) |
Openssl | Openssl | 1.0.1a (including) | 1.0.1a (including) |
Openssl | Openssl | 1.0.1b (including) | 1.0.1b (including) |
Openssl | Openssl | 1.0.1c (including) | 1.0.1c (including) |
Openssl | Openssl | 1.0.1d (including) | 1.0.1d (including) |
Openssl | Openssl | 1.0.1e (including) | 1.0.1e (including) |
Openssl | Openssl | 1.0.1f (including) | 1.0.1f (including) |
Openssl | Openssl | 1.0.1g (including) | 1.0.1g (including) |
Openssl | Openssl | 1.0.1h (including) | 1.0.1h (including) |
Openssl | Openssl | 1.0.1i (including) | 1.0.1i (including) |
Openssl | Openssl | 1.0.1j (including) | 1.0.1j (including) |
Openssl | Openssl | 1.0.1k (including) | 1.0.1k (including) |
Openssl | Openssl | 1.0.1l (including) | 1.0.1l (including) |
Openssl | Openssl | 1.0.1m (including) | 1.0.1m (including) |
Openssl | Openssl | 1.0.1n (including) | 1.0.1n (including) |
Openssl | Openssl | 1.0.1o (including) | 1.0.1o (including) |
Openssl | Openssl | 1.0.1p (including) | 1.0.1p (including) |
Openssl | Openssl | 1.0.1q (including) | 1.0.1q (including) |
Openssl | Openssl | 1.0.1r (including) | 1.0.1r (including) |
Openssl | Openssl | 1.0.1s (including) | 1.0.1s (including) |
Openssl | Openssl | 1.0.1t (including) | 1.0.1t (including) |