VYPR
High severity7.5NVD Advisory· Published May 4, 2017· Updated Jun 17, 2026

CVE-2016-7053

CVE-2016-7053

Description

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
    • (no CPE)range: <1.1.0c
    • (no CPE)range: openssl-1.1.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.