FreeBSD-SA-20:33.openssl : OpenSSL NULL pointer de-reference
Versions Affected : All versions prior to TrueNAS 12.0-U1
Description
The X.509 GeneralName type is a generic type for representing different types of names.
One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. An attacker who is able to control both items being compared can trigger a NULL pointer dereference and a crash may occur leading to a possible denial of service attack. As an example, if an attacker can trick a client of server to check a maliciously constructed certificate against a malicious CRL could trigger the NULL dereference.
Workaround
No workaround is available.
Mitigation
- Upgrade to TrueNAS 12.0-U1 or later.