Avoid type confusion in the timestamp response parsing - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2026-01-27 14:18:32 +0000
committer	tb <>	2026-01-27 14:18:32 +0000
commit	b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe (patch)
tree	3105ab7df719e7068b2b599dadb5a306e30e122c /src/lib/libc/include/README
parent	80b52a32d57440334a364d1c23155c87f46f2831 (diff)
download	openbsd-b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe.tar.gz openbsd-b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe.tar.bz2 openbsd-b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe.zip

Avoid type confusion in the timestamp response parsing

A malformed v2 signing cert can lead to a type confusion, and the result is a read from an invalid memory address or NULL, so a crash. Unlike for OpenSSL, v1 signing certs aren't affected since miod fixed this in '14. Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-69420. ok jsing

Diffstat (limited to 'src/lib/libc/include/README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: