CVE-2010-0742

[GoogleCodeExporter]

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c 
in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle 
structures that contain OriginatorInfo, which allows context-dependent 
attackers to modify invalid memory locations or conduct double-free attacks, 
and possibly execute arbitrary code, via unspecified vectors.

https://bugzilla.redhat.com/show_bug.cgi?id=598738

Original issue reported on code.google.com by ole.andr...@gmail.com on 22 Aug 2010 at 4:37

[GoogleCodeExporter]

The 0.3 branch is soon EOL, no time to fix this issue. Sorry.

Original comment by off...@symbiosis.cc on 4 Aug 2011 at 10:54

• Changed state: WontFix