openssl: Double free after calling PEM_read_bio_exDeprecated |
ID: oval:org.secpod.oval:def:87672 | Date: (C)2023-02-21 (M)2024-02-08 |
Class: VULNERABILITY | Family: unix |
A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.
Platform: |
CentOS 7 |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 8 |
Red Hat Enterprise Linux 9 |