Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-224

CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference [jbews-3.0.0]

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: JWS 3.0.0 GA
    • Fix Version/s: JWS 3.0.2 DR1
    • Component/s: openssl
    • Labels:
      None

      Description

      A NULL pointer dereference flaw was found in OpenSSL's X509_to_X509_REQ() function. A remote attacker could use this flaw to crash an OpenSSL server with an invalid certificate key. Note that this function is rarely used in practice.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                weinanli Weinan Li
                Reporter:
                twalsh1 Tim Walsh
                Tester:
                Filip Goldefus
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: