An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash, which could lead to a denial of service. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | 3.0.0 (including) | 3.0.7 (including) |
Red Hat Enterprise Linux 9 | RedHat | openssl-1:3.0.1-47.el9_1 | * |
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | openssl-1:3.0.1-46.el9_0 | * |
Edk2 | Ubuntu | trusty | * |
Edk2 | Ubuntu | xenial | * |
Nodejs | Ubuntu | trusty | * |
Openssl | Ubuntu | devel | * |
Openssl | Ubuntu | jammy | * |
Openssl | Ubuntu | kinetic | * |
Openssl | Ubuntu | lunar | * |
Openssl | Ubuntu | mantic | * |
Openssl | Ubuntu | trusty | * |
Openssl | Ubuntu | upstream | * |
Openssl | Ubuntu | xenial | * |