OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*, +1 more
- >= 3.6, < 3.6.1
- >= 3.5, < 3.5.5
- >= 3.4, < 3.4.4
A type confusion vulnerability has been identified in OpenSSL versions 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2. This vulnerability arises in the signature verification process of signed PKCS#7 data, where an ASN1_TYPE union member is accessed without proper type validation. This oversight can lead to an invalid or NULL pointer dereference when handling malformed PKCS#7 data, causing a crash and denial-of-service condition for applications that perform signature verification or directly call the PKCS7_digest_from_attributes() function.
Exploiting this vulnerability can cause an application to dereference an invalid or NULL pointer, leading to a crash and denial-of-service condition.
To reproduce this vulnerability, an attacker must provide a malformed signed PKCS#7 file to an application that verifies PKCS#7 signatures. The vulnerability can be triggered by using the OpenSSL command-line tool or through an application that processes PKCS#7 data using the OpenSSL library.
Users of OpenSSL 3.6 should upgrade to OpenSSL 3.6.1, users of OpenSSL 3.5 should upgrade to OpenSSL 3.5.5, and users of OpenSSL 3.4 should upgrade to OpenSSL 3.4.4.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.