Memory corruption in the ASN.1 encoder

A memory corruption vulnerability has been found in the OpenSSL ASN.1 encoder. It is a combination of two bugs, neither of which has a security impact on its own, but together they allow an attacker to execute malicious code. Exploitation uses malformed digital certificates signed by trusted certificate authorities.

This vulnerability affects systems whose inbound connections do not terminate at the ACE Load Balancers. If the inbound connections terminate at the ACE Load Balancers, the risk of being impacted by this vulnerability is low.


CVE Number

Recommended Action

  • OpenSSL 1.0.2 users should upgrade to 1.0.2c
  • OpenSSL 1.0.1 users should upgrade to 1.0.1o
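
A version check for the upgrade targets listed above, as an added example that is not part of the original advisory. The function names are hypothetical, the banners are constructed samples, and branches other than 1.0.1 and 1.0.2 are reported as unknown because the advisory names no fixed release for them.

```shell
#!/bin/sh
# Added example (not from the advisory): classify OpenSSL version strings
# against the fixed releases the advisory names, 1.0.2c and 1.0.1o.
LC_ALL=C; export LC_ALL   # keep [a-z] and sort byte-ordered

# suffix_lt A B: true when letter suffix A precedes B in OpenSSL 1.0.x
# release order ("" < a < ... < z < za < zb ...).
suffix_lt() {
    [ "${#1}" -lt "${#2}" ] && return 0
    [ "${#1}" -gt "${#2}" ] && return 1
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort | head -n 1)" = "$1" ]
}

# check_openssl_version VERSION: prints upgrade, ok or unknown.
check_openssl_version() {
    case $1 in
        1.0.2*) branch=1.0.2 fixed=c ;;
        1.0.1*) branch=1.0.1 fixed=o ;;
        *) echo unknown; return 0 ;;        # branch not covered by the advisory
    esac
    suffix=${1#"$branch"}
    suffix=${suffix%%-*}                    # drop build tags such as -fips
    case $suffix in
        *[!a-z]*) echo unknown; return 0 ;; # e.g. 1.0.20 is not 1.0.2 + letter
    esac
    if suffix_lt "$suffix" "$fixed"; then echo upgrade; else echo ok; fi
}

# banner_version LINE: second field of `openssl version` output.
banner_version() {
    set -- $1
    echo "$2"
}

# Constructed sample banners; on a live host pass "$(openssl version)".
for banner in "OpenSSL 1.0.1k 8 Jan 2015" "OpenSSL 1.0.2c 12 Jun 2015" \
              "OpenSSL 1.0.2k-fips 26 Jan 2017" "OpenSSL 0.9.8zg 11 Jun 2015"; do
    v=$(banner_version "$banner")
    printf '%-12s %s\n' "$v" "$(check_openssl_version "$v")"
done
```

Distribution packages often backport fixes without changing the upstream version string, so an "upgrade" result on a vendor build should be confirmed against that vendor's own advisory.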

More Information