Versions Affected : All versions prior to TrueNAS 12.0-U1


Description

The X.509 GeneralName type is a generic type for representing different types of names.

One of those name types is known as EDIPartyName. OpenSSL provides a function, GENERAL_NAME_cmp, which compares two instances of a GENERAL_NAME to see whether they are equal. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. An attacker who is able to control both items being compared can trigger a NULL pointer dereference, and the resulting crash may lead to a denial of service. As an example, if an attacker can trick a client or server into checking a maliciously constructed certificate against a malicious CRL, the NULL dereference could be triggered.


Workaround

No workaround is available.


Mitigation

  • Upgrade to TrueNAS 12.0-U1 or later.
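The following is an added example, not part of this advisory or of the TrueNAS code base: a small fleet check that parses TrueNAS/FreeNAS version strings and flags any host still on a release prior to 12.0-U1. The accepted string forms (an optional `TrueNAS-`/`FreeNAS-` prefix, `RELEASE`, `Un`, `Un.m` hotfixes and pre-release tags such as `BETA`/`RC`) and their ordering are assumptions made for this example.

```python
import re
from typing import Dict, List, Tuple

# Fix level stated in this advisory: everything prior to 12.0-U1 is affected.
FIXED_VERSION = "12.0-U1"

# Assumed version syntax: [TrueNAS-|FreeNAS-]MAJOR.MINOR[.PATCH][-TAG[N][.HOTFIX]]
_VERSION_RE = re.compile(
    r"^(?:(?:True|Free)NAS-)?(\d+)\.(\d+)(?:\.(\d+))?"
    r"(?:-([A-Za-z]+)(\d*)(?:\.(\d+))?)?$"
)


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Return a sortable (major, minor, patch, update, hotfix) tuple.

    RELEASE (or no tag) counts as update 0, 'Un' as update n, and any
    pre-release tag (BETA, RC, ...) sorts before RELEASE (assumption).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, tag, num, hotfix = m.groups()
    tag = (tag or "RELEASE").upper()
    if tag == "U":
        if not num:
            raise ValueError(f"update train without a number: {version!r}")
        update = int(num)
    elif tag == "RELEASE":
        update = 0
    else:
        update = -1  # pre-release build, older than the matching RELEASE
    return (int(major), int(minor), int(patch or 0), update, int(hotfix or 0))


def is_affected(version: str) -> bool:
    """True if the given version is prior to the fixed 12.0-U1 release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames whose reported version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> reported version), not real data.
    sample = {"nas-01": "TrueNAS-12.0-RELEASE", "nas-02": "FreeNAS-11.3-U5",
              "nas-03": "TrueNAS-12.0-U1", "nas-04": "12.0-U1.1"}
    print("needs upgrade:", affected_hosts(sample))  # prints ['nas-01', 'nas-02']
```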

Commit


Further information