New version of OpenSSL closes security holes in ASN1 parser
Tavis Ormandy from the Google Security Team has notified the OpenSSL developers of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to the official OpenSSL advisory and Ormandy's message, the issue affects applications that process external X.509 certificates or public RSA keys. However, the remaining information about the applications that are affected, and the potential consequences, is rather cryptic.