I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

The function ASN1_STRING_print_ex is often used to print the contents of
an SSL certificate.
II. Problem Description

The function ASN1_STRING_print_ex does not properly validate the lengths
of BMPString or UniversalString objects before attempting to print them.
III. Impact

An application which attempts to print a BMPString or UniversalString
which has an invalid length will crash as a result of OpenSSL accessing
invalid memory locations. This could be used by an attacker to crash a
remote application.
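The stand-alone C check below is added here as an illustration and is not the advisory's or OpenSSL's own code: a BMPString body holds 2 bytes per character and a UniversalString body 4, so a printer that steps through the body one character at a time runs past the end of the buffer whenever the byte length is not a whole number of characters, which is the kind of length validation the advisory says is missing. The tag values, function names and the two sample bodies are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* ASN.1 universal tag numbers (same values OpenSSL's V_ASN1_BMPSTRING /
 * V_ASN1_UNIVERSALSTRING carry). */
#define TAG_UNIVERSALSTRING 28
#define TAG_BMPSTRING       30

/* Bytes per character for the two fixed-width string types; 0 = other type. */
static size_t char_width(int tag)
{
    if (tag == TAG_BMPSTRING)       return 2;   /* UCS-2, big-endian */
    if (tag == TAG_UNIVERSALSTRING) return 4;   /* UCS-4, big-endian */
    return 0;
}

/* 1 if a body of `len` bytes holds a whole number of characters, so a
 * printer stepping through it one character at a time never reads past
 * the end; 0 otherwise. This is the check the advisory says was missing. */
int asn1_fixed_width_len_ok(int tag, size_t len)
{
    size_t w = char_width(tag);
    return w != 0 && len % w == 0;
}

/* Decode the body into code points. Returns the number of characters, or -1
 * when the length is invalid instead of walking off the end of the buffer.
 * Characters beyond out_max are counted but not stored. */
int decode_fixed_width(int tag, const unsigned char *body, size_t len,
                       uint32_t *out, size_t out_max)
{
    size_t w = char_width(tag), n = 0, i, k;
    if (!asn1_fixed_width_len_ok(tag, len))
        return -1;
    for (i = 0; i < len; i += w) {          /* i + w <= len is now guaranteed */
        uint32_t c = 0;
        for (k = 0; k < w; k++)
            c = (c << 8) | body[i + k];
        if (n < out_max)
            out[n] = c;
        n++;
    }
    return (int)n;
}

/* Constructed samples: "Hi" as a BMPString body, and a 3-byte body that is
 * not a whole number of UCS-2 characters. */
const unsigned char sample_ok[]  = { 0x00, 'H', 0x00, 'i' };
const unsigned char sample_bad[] = { 0x00, 'H', 0x00 };
```

The same length test applied before any per-character walk is what keeps a malformed certificate field from turning into an out-of-bounds read.
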
IV. Workaround

No workaround is available, but applications which do not use the
ASN1_STRING_print_ex function (either directly or indirectly) are not
affected.