OpenSSL 1.0.2i CRL Handling NULL Pointer Dereference DoS
Medium Nessus Plugin ID 93786
Synopsis
The remote service is affected by a denial of service vulnerability.

Description
According to its banner, the remote host is running OpenSSL version 1.0.2i. It is, therefore, affected by a denial of service vulnerability in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service.

Solution
Upgrade to OpenSSL version 1.0.2j or later.