Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-224

CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference [jbews-3.0.0]

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: JWS 3.0.0 GA
    • Fix Version/s: JWS 3.0.2 DR1
    • Component/s: openssl
    • Labels:
      None

      Description

      A NULL pointer dereference flaw was found in OpenSSL's X509_to_X509_REQ() function. A remote attacker could use this flaw to crash an OpenSSL server with an invalid certificate key. Note that this function is rarely used in practice.

        Attachments

          Activity

            People

            Assignee:
            weinanli Weinan Li
            Reporter:
            twalsh1 Tim Walsh
            Tester:
            Filip Goldefus Filip Goldefus (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: