CVE-2016-7053
HIGHOpenSSL 1.1.0-1.1.0b - NULL Pointer Dereference in ASN.1 CHOICE Type Handling
Title source: llmDescription
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94244
Vendor Advisory x_refsource_confirm
https://www.openssl.org/news/secadv/20161110.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037261
Scores
CVSS v3
7.5
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (6)
openssl/openssl
1.1.0
openssl/openssl
1.1.0a
openssl/openssl
1.1.0b
OpenSSL/OpenSSL
openssl-1.1.0
OpenSSL/OpenSSL
openssl-1.1.0a
OpenSSL/OpenSSL
openssl-1.1.0b
Published
May 04, 2017
Tracked Since
Feb 18, 2026