OpenSSL S/MIME Parsing Null Pointer Dereference Lets Remote Users Deny Service
OpenSSL prior to 0.9.8u, 1.0.0h
A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions.
A remote user can send specially crafted S/MIME headers to trigger a null pointer dereference in the ANS.1 parser and cause the target application using OpenSSL to crash. The vulnerability resides in the mime_param_cmp() function.
A remote user can cause the application using OpenSSL to crash.
The vendor has issued a fix (0.9.8u, 1.0.0h).