David (thanks!) re-raised this ticket with the following details. (I am also attaching his 'base64-bug.txt' file.)
Our UC-KLEE tool found a buffer overflow in OpenSSL's base64 decoder that results in a negative length passed to memcpy. This is likely exploitable, depending on where PEM-encoded keys/certs are originating. Someone else reported the same bug in 2011 and it was never addressed (sensing a pattern?): https://rt.openssl.org/Ticket/Display.html?id=2608&user=guest&pass=guest

The attacker can control the negative value, but only in the range -1 to -16, so it's likely to segfault and trigger a DoS, but I suppose there's a small chance of more serious consequences. Attached is a sample attack input that yields a length of -16:

$ openssl base64 -d -in base64-bug.txt

Backtrace:

frame #1: 0x93550e38 libsystem_c.dylib`__memcpy_chk + 37
frame #2: 0x001c5017 openssl`b64_read(b=0x00489700, out=0x00b2cc00, outl=8192) + 1975 at bio_b64.c:357
frame #3: 0x0019f072 openssl`BIO_read(b=0x00489700, out=0x00b2cc00, outl=8192) + 434 at bio_lib.c:212
frame #4: 0x000134d0 openssl`enc_main(argc=0, argv=0xbffffa8c) + 9536 at enc.c:662
frame #5: 0x00002e02 openssl`do_cmd(prog=0x00488e00, argc=4, argv=0xbffffa7c) + 274 at openssl.c:490
frame #6: 0x000025a4 openssl`main(Argc=4, Argv=0xbffffa7c) + 1316 at openssl.c:382
================================================================================
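Added example (editor's illustration, not OpenSSL's code and not the reporter's): the failure mode above is a decoder that computes an output length in a signed variable and hands a negative value to memcpy, whose size parameter is size_t. The decoder below is a minimal RFC 4648 base64 decoder written so that the output count is unsigned, derived only from bytes actually produced, and bounds-checked before every memcpy, so a negative length cannot arise. All function names here are the editor's; the code does not reproduce the OpenSSL bug, and the attached base64-bug.txt is not on this page. The last helper only shows what a negative int becomes when it is converted to memcpy's size_t parameter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Editor's example decoder, not OpenSSL's b64_read(). */

static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode one 4-character group into up to 3 bytes.
 * Returns the number of bytes produced (1..3), or -1 if the group is
 * malformed (bad character, padding in the wrong place, data after padding). */
static int b64_decode_group(const unsigned char q[4], unsigned char out[3])
{
    int v[4];
    int pad = 0;
    for (int i = 0; i < 4; i++) {
        if (q[i] == '=') {
            if (i < 2) return -1;          /* '=' only valid in last two slots */
            pad++;
            v[i] = 0;
        } else {
            if (pad) return -1;            /* data after padding */
            v[i] = b64_value(q[i]);
            if (v[i] < 0) return -1;
        }
    }
    out[0] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
    out[1] = (unsigned char)(((v[1] & 0x0f) << 4) | (v[2] >> 2));
    out[2] = (unsigned char)(((v[2] & 0x03) << 6) | v[3]);
    return 3 - pad;                        /* always 1..3, never negative */
}

/* Decode `inlen` bytes of base64 into `out` (capacity `outcap`).
 * Returns the number of bytes written, or -1 on malformed input or
 * insufficient output space. Whitespace between groups is skipped.
 * `written` is size_t and only ever grows by a checked 1..3. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    unsigned char q[4];
    size_t qn = 0, written = 0;
    int finished = 0;                      /* set once a padded group is seen */

    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        if (finished) return -1;           /* data after a padded group */
        q[qn++] = c;
        if (qn < 4) continue;
        qn = 0;
        unsigned char tmp[3];
        int n = b64_decode_group(q, tmp);
        if (n < 0) return -1;
        if (n < 3) finished = 1;
        /* Unsigned bounds check before the copy: n is 1..3 here. */
        if ((size_t)n > outcap - written) return -1;
        memcpy(out + written, tmp, (size_t)n);
        written += (size_t)n;
    }
    if (qn != 0) return -1;                /* trailing partial group */
    return (long)written;
}

/* What a negative int length becomes at memcpy's size_t parameter:
 * -16 converts to SIZE_MAX - 15, a copy length that is not survivable. */
size_t negative_len_as_size_t(int n)
{
    return (size_t)n;
}
```

The design point is that the decoder never computes "bytes remaining" by subtraction in a signed type; it counts up from zero in size_t and rejects any input (partial trailing group, padding in the wrong position, data after padding) before reaching a copy, so the memcpy length is provably in 1..3.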
