Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-224

CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference [jbews-3.0.0]

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • JWS 3.0.2 DR1
    • JWS 3.0.0 GA
    • openssl
    • None

    Description

      A NULL pointer dereference flaw was found in OpenSSL's X509_to_X509_REQ() function. A remote attacker could use this flaw to crash an OpenSSL server with an invalid certificate key. Note that this function is rarely used in practice.

      Attachments

        Activity

          People

            weinanli Weinan Li
            rhn-support-twalsh Tim Walsh
            Filip Goldefus Filip Goldefus (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: