Package: nufw Version: 2.4.3
Source: nufw The bug is caused because of wrongly checking the return value of 'ASN1_STRING_to_UTF8()' in nufw/src/libs/nussl/nussl_openssl.c:113-114. According to the openssl API document, we should use 'OPENSSL_free()' when 'len>=0'. So the patch should be: 113: len = ASN1_STRING_to_UTF8(&tmp, str); 114: - if (len > 0) { 114: + if (len >= 0) { This is similar to CVE-2017-7521. I learned from the source of the 'ChangeLog' file that my nufw version :2.4.3.