CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/01/27 07:18:32
Modified files:
lib/libcrypto/ts: ts_rsp_verify.c
Log message:
Avoid type confusion in the timestamp response parsing

A malformed v2 signing cert can lead to a type confusion, and the result
is a read from an invalid memory address or NULL, so a crash. Unlike for
OpenSSL, v1 signing certs aren't affected since miod fixed this in '14.
Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-69420.

ok jsing