---

CVE-2016-7052 - log back

CVE-2016-7052 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi.
References	+ https://www.openssl.org/news/secadv/20160926.txt
Notes	+ This issue only affects OpenSSL 1.0.2i.