Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL CMS结构处理内存破坏漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的crypto/cms/cms_asn1.c中,在实现Cryptographic Message Syntax (CMS)时,无法正确处理包含OriginatorInfo的结构,攻击者可利用未明向量修改无效内存地址或发起双释放攻击,并可执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A