CVE-2006-7250

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0j OpenSSL versions prior to 0.9.8y

Description The issue affects the OpenSSL package in Gentoo Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, the mime hdr cmp function in crypto/asn1/asn mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service via a crafted S/MIME message, resulting in a NULL pointer dereference and application crash.

Recommendations For versions prior to 1.0.0j, update to version 1.0.0j or later. For versions prior to 0.9.8y, update to version 0.9.8y or later. As a temporary workaround, consider restricting access to the crypto/asn1/asn mime.c function until a patch is available. Avoid using the mime hdr cmp function in the affected OpenSSL versions until the issue is resolved.