CVSS v2 Base Score
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
None - no FoxT products use affected function with untrusted data.
Still have questions? We can help. Submit a case to Technical Support.