Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-224

CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference [jbews-3.0.0]

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • JWS 3.0.2 DR1
    • JWS 3.0.0 GA
    • openssl
    • None

    Description

      A NULL pointer dereference flaw was found in OpenSSL's X509_to_X509_REQ() function. A remote attacker could use this flaw to crash an OpenSSL server with an invalid certificate key. Note that this function is rarely used in practice.

      Attachments

        Activity

          People

            weli@redhat.com Weinan Li
            rhn-support-twalsh Tim Walsh
            Filip Goldefus Filip Goldefus (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: