Where can I see a list of functions affected by this bug?

HankScorpio wrote:
>
> Hi,
>
> I'm running a 0.9.8g version of the OpenSSL to verify some data.
>
> I received an email related to a vulnerability of OpenSSL, basically says:
> "A potentially exploitable vulnerability has been discovered in the
> OpenSSL function asn1_d2i_read_bio."
> ...
> "Any application which uses BIO or FILE based functions to read untrusted
> DER format data is vulnerable. Affected functions are of the form d2i_*_bio or
> d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp."
>
> I performed a search in our source code and I can't find any
> "d2i_*_bio", "d2i_*_fp", "d2i_X509_bio" and "d2i_PKCS12_fp." Also can't
> find any call to "asn1_d2i_read_bio"...
> Our code uses BIO_read functions, do we fall in this vulnerability?
>
>
> Best Regards..
>
--
View this message in context: http://old.nabble.com/ASN1-BIO-vulnerability-%28CVE-2012-2110%29-tp33732623p33763429.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
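
The source search described in the quoted message can be made less error-prone than a plain text search by ignoring comments and string literals. The scanner below is an added example, not part of the original thread or of OpenSSL; the function name `find_affected_calls`, the sample C source, and the inclusion of the generic `ASN1_d2i_bio` / `ASN1_item_d2i_bio` / `_fp` wrappers alongside the advisory's `d2i_*_bio` / `d2i_*_fp` pattern are assumptions of this example.

```python
import re

# Pattern from the advisory quoted above: d2i_*_bio and d2i_*_fp call sites.
# ASN1_d2i_bio / ASN1_item_d2i_bio (and the _fp forms) are added as an
# assumption of this example: generic wrappers over the same BIO-based reader.
AFFECTED = re.compile(r"\b(d2i_\w+_(?:bio|fp)|ASN1_(?:item_)?d2i_(?:bio|fp))\s*\(")

# C comments and string/char literals, so that mentions inside them are ignored.
NOISE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)


def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_affected_calls(source):
    """Return (line_number, function_name) pairs for affected call sites."""
    code = NOISE.sub(_blank, source)
    hits = []
    for m in AFFECTED.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
#include <openssl/x509.h>
/* old path used d2i_X509_bio(in, NULL) */
int load(BIO *in, FILE *fp, const unsigned char *buf, long len) {
    char tmp[64];
    BIO_read(in, tmp, sizeof tmp);            // raw read, no DER parsing
    X509 *a = d2i_X509_bio(in, NULL);
    PKCS12 *p = d2i_PKCS12_fp (fp, NULL);
    X509 *b = d2i_X509(NULL, &buf, len);      /* memory-based, not matched */
    puts("d2i_X509_fp(fp, NULL)");
    return a && p && b;
}
'''

if __name__ == "__main__":
    for line, name in find_affected_calls(SAMPLE):
        print(f"line {line}: {name}")
```

A scan like this only covers the application's own sources; third-party libraries linked into the application need the same check.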