At a glance:
| ID | 39832 |
| Created | Apr 11, 2018 |
| Description Updated | Apr 11, 2018 |
| Severity |
|
| Coverage | 
FortiClient |
Refine Search
Endpoint Vulnerability
Use After Free following d2i_ECPrivatekey error
Description
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
Affected Products
OpenSSL