|Type||Denial of service|
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi.
|28 Sep 2016||ASA-201609-30||AVG-33||openssl||Medium||denial of service|
|27 Sep 2016||ASA-201609-28||AVG-34||lib32-openssl||Medium||denial of service|
This issue only affects OpenSSL 1.0.2i.