On Tue, Sep 30, 2003 at 03:27:50PM +0100, Mark J Cox wrote: > Who is affected? > - ---------------- > > All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all > versions of SSLeay are affected. > > Any application that makes use of OpenSSL's ASN1 library to parse > untrusted data. This includes all SSL or TLS applications, those using > S/MIME (PKCS#7) or certificate generation routines.
Does verifying a RSA signature also count? IIRC the ASN.1 parser is invoked during the process (to check the padding). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
