PT-2016-1333
Guido Vranken · Published 2016-03-01 · Updated 2024-06-15 · CVE-2016-0797
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.1 through 1.0.1s
OpenSSL versions 1.0.2 through 1.0.2g
Description
The issue is caused by multiple integer overflows in the OpenSSL library, allowing remote attackers to cause a denial of service or possibly have other impacts via a long digit string that is mishandled by the BN_dec2bn or BN_hex2bn function. This is related to the files crypto/bn/bn.h and crypto/bn/bn_print.c. A side-channel attack was also found, which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, potentially leading to the recovery of RSA keys. Additionally, a cross-protocol attack, referred to as the DROWN attack, was discovered, which actively exploits weaknesses in SSL Version 2 to decrypt passively collected Transport Layer Security sessions.
Recommendations
For OpenSSL versions 1.0.1 through 1.0.1s, update to version 1.0.1s or later to resolve the issue.
For OpenSSL versions 1.0.2 through 1.0.2g, update to version 1.0.2g or later to resolve the issue.
As a temporary workaround, consider restricting the use of the BN_dec2bn and BN_hex2bn functions until a patch is available.
Restrict access to servers that support both SSLv2 and TLS and use the same RSA key pair for both protocols to minimize the risk of the DROWN attack.
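One way to apply the workaround above is to bound digit strings before they reach BN_dec2bn or BN_hex2bn. The following is an added example, not OpenSSL code and not part of this advisory; `bn_str_bits_bound` and its `max_bits` cap are hypothetical names, and the check is deliberately stricter than the library parsers because it also rejects trailing non-digit bytes.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not an OpenSSL API): validate a digit string before it
 * is handed to BN_dec2bn()/BN_hex2bn(). Returns an upper bound on the bit
 * length of the number, or -1 if the input must be rejected.
 * max_bits is an application-chosen cap (assumption of this example). */
int bn_str_bits_bound(const char *s, int hex, size_t max_bits)
{
    size_t n = 0;

    if (s == NULL)
        return -1;
    if (max_bits > (size_t)INT_MAX)   /* keep the result representable as int */
        max_bits = (size_t)INT_MAX;
    if (*s == '-')                    /* one optional leading sign */
        s++;

    /* Count digits in size_t and stop as soon as the cap is exceeded, so the
     * counter cannot wrap however long the attacker-supplied string is. */
    while (hex ? isxdigit((unsigned char)s[n]) : isdigit((unsigned char)s[n])) {
        n++;
        if (n > max_bits / 4)         /* 4 bits/digit: exact for hex, conservative for decimal */
            return -1;
    }
    if (n == 0 || s[n] != '\0')       /* empty input or trailing non-digit bytes */
        return -1;

    return (int)(n * 4);              /* safe: n <= max_bits / 4 <= INT_MAX / 4 */
}

int main(void)
{
    /* Constructed sample inputs */
    printf("%d\n", bn_str_bits_bound("1f", 1, 4096));     /* short hex value */
    printf("%d\n", bn_str_bits_bound("fffff", 1, 16));    /* exceeds a 16-bit cap */
    printf("%d\n", bn_str_bits_bound("-123", 0, 4096));   /* signed decimal */
    return 0;
}
```

Call the parser only when the helper returns a non-negative value, and choose `max_bits` from the largest key or parameter size the application legitimately handles.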
Weakness Enumeration
Integer Overflow
Affected Products
ALT Linux
CentOS
Cisco ASA
Cisco IOS
Cisco Nexus
Cisco Wls
FreeBSD
IBM AIX
Junos
OpenSSL
Red Hat
SUSE
Ubuntu