Dmitry Belyavsky

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. This occurs when the hash algorithm used for the signature is known to the OpenSSL library, but the implementation of the hash algorithm is not available, causing the digest initialization to fail. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications would be affected if they call these functions to verify signatures on untrusted data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages, the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.