Vigil@nce - OpenSSL: out-of-bounds memory reading via TS_OBJ_print_bio
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a read at an invalid address via
PTS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of
service, or to obtain sensitive information.
Impacted products: OpenSSL.
Severity: 1/4.
Creation date: 02/08/2016.
DESCRIPTION OF THE VULNERABILITY
The OpenSSL product implements the RFC 3161 Public Key
Infrastructure Time-Stamp Protocol.
However, the TS_OBJ_print_bio() function tries to read a memory
area located outside the expected range, which triggers a fatal
error, or leads to the disclosure of a memory fragment.
An attacker can therefore force a read at an invalid address via
TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of
service, or to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/OpenSSL-out-of-bounds-memory-reading-via-TS-OBJ-print-bio-20286