CyaSSL X.509 Certificates NULL Pointer Dereference Denial of Service Vulnerability

Bugtraq ID:	52828
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2012-1558
Remote:	Yes
Local:	No
Published:	Mar 30 2012 12:00AM
Updated:	Mar 30 2012 12:00AM
Credit:	Remi Gacogne
Vulnerable:	CyaSSL CyaSSL 2.0.6
Not Vulnerable:	CyaSSL CyaSSL 2.0.8

CyaSSL X.509 Certificates NULL Pointer Dereference Denial of Service Vulnerability

CyaSSL is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows attackers to crash applications using the affected library, denying service to legitimate users.

Versions prior to CyaSSL 2.0.8 are vulnerable.

CyaSSL X.509 Certificates NULL Pointer Dereference Denial of Service Vulnerability

Attackers can use standard tools to exploit this issue.

CyaSSL X.509 Certificates NULL Pointer Dereference Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

CyaSSL X.509 Certificates NULL Pointer Dereference Denial of Service Vulnerability

References:

• CyaSSL Homepage (CyaSSL)
  
• CyaSSL Release 2.0.8 (CyaSSL)