Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL prior to 1.0.1t and 1.0.2 prior to 1.0.2h allows remote malicious users to cause a denial of service (heap memory corruption) via a large amount of binary data.

| Vulnerable Product |
|---|
| redhat enterprise linux desktop 6.0 |
| redhat enterprise linux server 6.0 |
| redhat enterprise linux workstation 6.0 |
| redhat enterprise linux hpc node 6 |
| opensuse leap 42.1 |
| opensuse opensuse 13.2 |
| oracle mysql |
| redhat enterprise linux desktop 7.0 |
| redhat enterprise linux server aus 7.2 |
| redhat enterprise linux workstation 7.0 |
| redhat enterprise linux server 7.0 |
| redhat enterprise linux hpc node 7.0 |
| redhat enterprise linux server eus 7.2 |
| redhat enterprise linux hpc node eus 7.2 |
| apple mac os x 10.11.5 |
| openssl openssl 1.0.1m |
| openssl openssl 1.0.2a |
| openssl openssl 1.0.1j |
| openssl openssl 1.0.1 |
| openssl openssl 1.0.1h |
| openssl openssl 1.0.2e |
| openssl openssl 1.0.1r |
| openssl openssl 1.0.2b |
| openssl openssl 1.0.1c |
| openssl openssl 1.0.1g |
| openssl openssl 1.0.2g |
| openssl openssl 1.0.1a |
| openssl openssl 1.0.1d |
| openssl openssl 1.0.2c |
| openssl openssl 1.0.2 |
| openssl openssl 1.0.1p |
| openssl openssl 1.0.1k |
| openssl openssl 1.0.1b |
| openssl openssl 1.0.1n |
| openssl openssl 1.0.1q |
| openssl openssl 1.0.1e |
| openssl openssl 1.0.1l |
| openssl openssl 1.0.1f |
| openssl openssl 1.0.1s |
| openssl openssl 1.0.1o |
| openssl openssl 1.0.2f |
| openssl openssl 1.0.1i |
| openssl openssl 1.0.2d |
| debian debian linux 8.0 |
| canonical ubuntu linux 12.04 |
| canonical ubuntu linux 16.04 |
| canonical ubuntu linux 15.10 |
| canonical ubuntu linux 14.04 |
| nodejs node.js |
| nodejs node.js 6.0.0 |

Two innocent programming blunders breed high-risk flaw
Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2. Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible. CVE-2016-2108 is a curious beast; a hybrid of two low-risk bugs that can be fused into a serious problem. The first is a seemingly innocuous issue with the ASN.1 parser whereby if a zero is re...