PT-2016-3419 · Openssl+12 · Openssl+16
Guido Vranken
Published 2016-06-19 · Updated 2025-09-29
CVE-2016-2177
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.0 through 1.0.2h
OpenSSL (affected versions not specified)
Description
The issue is caused by an integer overflow, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging unexpected malloc behavior. It stems from incorrect pointer arithmetic in heap-buffer boundary checks in files such as s3_srvr.c, ssl_sess.c, and t1_lib.c. The vulnerability could also be exploited to crash the application when it attempts to use CRLs, because of a missing CRL sanity check.
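The following is an added illustration of the flawed boundary-check pattern the description refers to, written for this page and not taken from OpenSSL; the functions, the record format and the sample buffer are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed illustration of a pointer-arithmetic boundary check; not
 * OpenSSL code. Records are parsed from a heap buffer spanning [p, limit). */

/* Flawed pattern: the length is added to the pointer before comparing.
 * A length near SIZE_MAX wraps p + n back below limit, so an oversized
 * record passes the check. Forming a pointer past the buffer is also
 * undefined behaviour, so the compiler may drop the comparison entirely. */
static int in_bounds_flawed(const unsigned char *p, size_t n,
                            const unsigned char *limit)
{
    return p + n <= limit;
}

/* Corrected pattern: compare the length against the space remaining.
 * limit - p involves only pointers into the same buffer, so it cannot
 * overflow, and n is never added to a pointer before it is validated. */
static int in_bounds_fixed(const unsigned char *p, size_t n,
                           const unsigned char *limit)
{
    return p <= limit && n <= (size_t)(limit - p);
}

/* Read one record: 2-byte big-endian length followed by that many body
 * bytes. Returns the body length, or -1 if the record would run past limit. */
static long record_body_len(const unsigned char *p, const unsigned char *limit)
{
    if (!in_bounds_fixed(p, 2, limit))
        return -1;
    size_t n = ((size_t)p[0] << 8) | p[1];
    if (!in_bounds_fixed(p + 2, n, limit))
        return -1;
    return (long)n;
}

/* Constructed sample: a complete 3-byte record, then a truncated 16-byte one. */
static const unsigned char SAMPLE[] = { 0x00, 0x03, 'a', 'b', 'c',
                                        0x00, 0x10, 'x' };
```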
Recommendations
For OpenSSL versions 1.0.0 through 1.0.2h, update to a release later than 1.0.2h to resolve the issue.
At the moment, there is no information about a fixed release for the other affected versions.
Exploit
Fix
DoS
Integer Overflow
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Centos
Cisco Asa
Cisco Ios Xe
Cisco Ios Xr
Cisco Nexus
Cisco Wls
Fortios
Freebsd
Huawei Vrp
Ibm Aix
Junos
Nessus
Openssl
Red Hat
Suse
Ubuntu