- changed status to resolved
[OpenSSL-1.0.2] CVE-2024-0727 PKCS12 Decoding crashes
Issue #400
resolved
Comments (1)
reporter
BUGFIX: Issue #400 - CVE-2024-0727 PKCS12 Decoding crashes
cherry picked from https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 and modified by me.
original commit message:
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz tomas@openssl.org
Reviewed-by: Hugo Landau hlandau@openssl.org
Reviewed-by: Neil Horman nhorman@openssl.org
(Merged from https://github.com/openssl/openssl/pull/23362)
(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
→ <<cset 0c28b80324ad>>
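A simplified model of the pattern the commit message describes, added here as an illustration; it is not code from OpenSSL or from this repository. The struct, enum and function names are hypothetical stand-ins for a ContentInfo whose type is valid but whose optional data field is absent.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins, not OpenSSL's real types. */
enum ci_type { CI_DATA = 1, CI_ENCRYPTED = 2 };

struct octet_string { const unsigned char *bytes; size_t len; };

struct content_info {
    enum ci_type type;          /* always set once decoding succeeds */
    struct octet_string *data;  /* OPTIONAL field: NULL when absent */
};

enum unpack_status {
    UNPACK_OK = 0,
    UNPACK_WRONG_TYPE = -1,
    UNPACK_DECODE_ERROR = -2
};

/* Before: assumes a valid type implies the content is present. */
size_t unpack_unchecked(const struct content_info *ci,
                        unsigned char *out, size_t cap)
{
    if (ci->type != CI_DATA)
        return 0;
    /* NULL dereference here when the optional field was omitted. */
    size_t n = ci->data->len < cap ? ci->data->len : cap;
    memcpy(out, ci->data->bytes, n);
    return n;
}

/* After: type and presence are validated independently, and an absent
 * field is reported as a decode error instead of being dereferenced. */
enum unpack_status unpack_checked(const struct content_info *ci,
                                  unsigned char *out, size_t cap,
                                  size_t *written)
{
    *written = 0;
    if (ci == NULL)
        return UNPACK_DECODE_ERROR;
    if (ci->type != CI_DATA)
        return UNPACK_WRONG_TYPE;
    if (ci->data == NULL || ci->data->bytes == NULL || ci->data->len > cap)
        return UNPACK_DECODE_ERROR;
    memcpy(out, ci->data->bytes, ci->data->len);
    *written = ci->data->len;
    return UNPACK_OK;
}
```

Only `unpack_checked` is safe to call on input where the data pointer may be NULL; `unpack_unchecked` is kept to show the pre-fix shape.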