CVE-2016-7052 log

Severity Medium
Remote Yes
Type Denial of service
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi.
Group Package Affected Fixed Severity Status Ticket
AVG-34 lib32-openssl 1:1.0.2.i-1 1:1.0.2.j-1 Medium Fixed
AVG-33 openssl 1.0.2.i-1 1.0.2.j-1 Medium Fixed
Date Advisory Group Package Severity Type
28 Sep 2016 ASA-201609-30 AVG-33 openssl Medium denial of service
27 Sep 2016 ASA-201609-28 AVG-34 lib32-openssl Medium denial of service
This issue only affects OpenSSL 1.0.2i.