virus logo FortiClient Vulnerability

OpenSSL CVE-2016-7053 Denial of Service Vulnerability

description-logoDescription

Severity: ModerateApplications parsing invalid CMS structures can crash with a NULL pointerdereference. This is caused by a bug in the handling of the ASN.1 CHOICE typein OpenSSL 1.1.0 which can result in a NULL value being passed to the structurecallback if an attempt is made to free certain invalid encodings. Only CHOICEstructures using a callback which do not handle NULL value are affected.OpenSSL 1.1.0 users should upgrade to 1.1.0cThis issue does not affect OpenSSL versions prior to 1.1.0This issue was reported to OpenSSL on 12th October 2016 by Tyler Nighswander ofForAllSecure. The fix was developed by Stephen Henson of the OpenSSLdevelopment team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2016-7053

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39878
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL