CVE-2016-2105

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1t and 1.0.2h MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier

Description The issue is related to an integer overflow in the EVP EncodeUpdate function in OpenSSL, which can cause a denial of service or potentially allow remote attackers to execute arbitrary code. This is due to improper bounds checking, allowing an attacker to overflow a buffer by sending a large amount of binary data. The vulnerability can be exploited by an unauthenticated, remote attacker. It affects various products, including MySQL Server, and can result in unauthorized ability to cause a hang or crash of the server.

Recommendations For OpenSSL versions prior to 1.0.1t and 1.0.2h, update to version 1.0.1t or 1.0.2h or later to resolve the issue. For MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier, update to a version later than 5.6.30 or 5.7.12 to resolve the issue. As a temporary workaround, consider restricting access to the EVP EncodeUpdate function until a patch is available.