Endpoint Vulnerability

Base64 decode issue of OpenSSL

Description

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base64 data could trigger a segmentation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.

The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8).

This issue was originally reported by Robert Dugal and subsequently by David Ramos.
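The upgrade guidance above can be turned into an inventory check. The following is an added example, not code from OpenSSL or from this advisory; the function names and the sample version strings are assumptions made for illustration, and it classifies a version string (such as the output of `openssl version`) against the fixed releases listed above.

```python
import re

# Fixed release letter per affected branch, taken from the advisory text above.
FIXED = {"1.0.1": "h", "1.0.0": "m", "0.9.8": "za"}

# Matches the numeric branch plus optional patch letters, e.g. "1.0.1e" or "0.9.8za".
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(letters):
    """Sort key for OpenSSL patch letters.

    Letters run a..z and then continue as za, zb, ..., so a plain string
    comparison would wrongly place "za" before "zb" but also "za" before "y"
    is avoided by comparing length first, then alphabetically.
    """
    return (len(letters), letters)


def base64_fix_status(version_text):
    """Return 'vulnerable', 'fixed' or 'not-listed' for an OpenSSL version string.

    Caveat: distribution packages often backport fixes without changing the
    upstream version letter, so 'vulnerable' here means "older than the
    upstream fixed release", not proof that the fix commit is absent.
    """
    match = _VERSION_RE.search(version_text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % version_text)
    branch, letters = match.groups()
    if branch not in FIXED:
        return "not-listed"  # branch is not named in this advisory
    if patch_rank(letters) >= patch_rank(FIXED[branch]):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ("OpenSSL 1.0.1e-fips", "OpenSSL 1.0.1h", "0.9.8y", "0.9.8za", "1.0.2a"):
        print(sample, "->", base64_fix_status(sample))
```
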

Affected Products

OpenSSL

References

CVE-2015-0292