28 Feb 2012
02 Mar 2012
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
The vulnerability is caused by a NULL-pointer dereference in the "mime_hdr_cmp()" function (crypto/asn1/asn_mime.c) when parsing certain MIME headers, and can be exploited to cause a crash.
The vulnerability is reported in versions 0.9.7i, 0.9.8t, and 1.0.0g. Other versions may also be affected.
Fixed in the CVS repository.
Reported by Mats Nilsson to the openssl-dev mailing list.
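The failure mode described above, as an added C illustration rather than OpenSSL's own code: a sort comparator that hands header names straight to strcmp() faults when a name is NULL, while the hardened form gives nameless headers a defined sort position. The hdr_t type, the function names and the sample headers are constructed for this example, and since the advisory does not say which pointer is NULL, a NULL name field is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed MIME header; not OpenSSL's structure. */
typedef struct {
    const char *name;   /* assumed: NULL when the parser found no usable name */
    const char *value;
} hdr_t;

/* Unsafe pattern: strcmp() dereferences both names unconditionally. */
static int hdr_cmp_unsafe(const void *a, const void *b)
{
    const hdr_t *x = a, *y = b;
    return strcmp(x->name, y->name);
}

/* Hardened: a NULL name sorts before any non-NULL name, never reaches strcmp(). */
static int hdr_cmp_safe(const void *a, const void *b)
{
    const hdr_t *x = a, *y = b;
    if (x->name == NULL || y->name == NULL)
        return (x->name != NULL) - (y->name != NULL);
    return strcmp(x->name, y->name);
}

/* Sort the headers, then look one up by name; returns its value or NULL. */
static const char *hdr_find(hdr_t *hdrs, size_t n, const char *name)
{
    hdr_t key = { name, NULL };
    hdr_t *hit;
    qsort(hdrs, n, sizeof *hdrs, hdr_cmp_safe);
    hit = bsearch(&key, hdrs, n, sizeof *hdrs, hdr_cmp_safe);
    return hit ? hit->value : NULL;
}

int main(void)
{
    /* Constructed sample: the second entry has no name. */
    hdr_t hdrs[] = {
        { "mime-version", "1.0" },
        { NULL, "orphan" },
        { "content-type", "multipart/signed" },
    };
    /* On named entries both comparators order the same way. */
    printf("agree on named entries: %d\n",
           (hdr_cmp_unsafe(&hdrs[0], &hdrs[2]) > 0) == (hdr_cmp_safe(&hdrs[0], &hdrs[2]) > 0));
    const char *v = hdr_find(hdrs, 3, "content-type");
    printf("content-type: %s\n", v ? v : "(not found)");
    return 0;
}
```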