Description
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)
WordPress Plugin IMPress for IDX Broker Cross-Site Scripting (3.0.5)
Dolibarr Incorrect Authorization Vulnerability (CVE-2022-0731)
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)