CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
99.2%
The ASN.1 signature-verification implementation in the rsa_item_verify
function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows
remote attackers to cause a denial of service (NULL pointer dereference and
application crash) via crafted RSA PSS parameters to an endpoint that uses
the certificate-verification feature.
Author | Note |
---|---|
mdeslaur | 1.0.2 only |