PT-2016-1336 · Openssl+3

Guido Vranken · Published 2016-03-01 · Updated 2025-09-25 · CVE-2016-2842

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.1 through 1.0.1s; OpenSSL versions 1.0.2 through 1.0.2g.
Description: The issue is in the doapr_outch function in OpenSSL, which does not verify that a certain memory allocation succeeds. This allows remote attackers to cause a denial of service, such as an out-of-bounds write or excessive memory consumption, by sending a long string, for example a large amount of ASN.1 data.
Recommendations: For OpenSSL versions 1.0.1 through 1.0.1s, update to version 1.0.1s or later. For OpenSSL versions 1.0.2 through 1.0.2g, update to version 1.0.2g or later. As a temporary workaround, consider restricting the input size to prevent excessive memory allocation until a patch is applied.
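The following is an added illustration, not OpenSSL's code and not part of this advisory: a hypothetical growable output buffer (outbuf, outbuf_putc, outbuf_puts are assumed names) that shows the two defensive properties the description and the workaround point at. The buffer checks the result of every realloc() and refuses the write on failure instead of writing into unallocated memory, and it enforces a hard cap (max_cap) on how large the buffer may grow, so an arbitrarily long input string cannot drive unbounded allocation. The demo inputs are constructed strings of 'A' bytes.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer (assumed design, not OpenSSL's). */
typedef struct {
    char *data;
    size_t len;
    size_t cap;
    size_t max_cap;   /* hard limit on growth: the "restrict input size" workaround */
} outbuf;

/* Allocation hook so a test can simulate realloc() failure (test-only assumption). */
static void *(*outbuf_realloc)(void *, size_t) = realloc;

void outbuf_init(outbuf *b, size_t max_cap) {
    b->data = NULL; b->len = 0; b->cap = 0; b->max_cap = max_cap;
}

void outbuf_free(outbuf *b) {
    free(b->data); b->data = NULL; b->len = 0; b->cap = 0;
}

/* Append one byte. Returns 1 on success, 0 on refusal. Never writes past cap. */
int outbuf_putc(outbuf *b, char c) {
    if (b->len + 1 >= b->cap) {                 /* +1 keeps room for the terminating NUL */
        size_t newcap = b->cap ? b->cap * 2 : 64;
        if (newcap > b->max_cap) newcap = b->max_cap;
        if (newcap <= b->len + 1) return 0;     /* at the size limit: refuse, do not overflow */
        char *p = outbuf_realloc(b->data, newcap);
        if (p == NULL) return 0;                /* the allocation check the advisory says was missing */
        b->data = p;
        b->cap = newcap;
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
    return 1;
}

/* Append a NUL-terminated string; stops at the first refused byte. */
int outbuf_puts(outbuf *b, const char *s) {
    for (; *s; s++)
        if (!outbuf_putc(b, *s)) return 0;
    return 1;
}

/* Demo: copy a constructed n-byte string of 'A' into a buffer capped at max_cap.
 * Returns 1 if the whole string fit, 0 if the cap or an allocation refused it;
 * *out_len receives how many bytes were actually stored. */
int demo_copy_long_string(size_t n, size_t max_cap, size_t *out_len) {
    outbuf b;
    outbuf_init(&b, max_cap);
    char *s = malloc(n + 1);
    if (s == NULL) return 0;
    memset(s, 'A', n);
    s[n] = '\0';
    int ok = outbuf_puts(&b, s);
    *out_len = b.len;
    free(s);
    outbuf_free(&b);
    return ok;
}

static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Demo: simulate allocation failure. Returns 1 if the write was refused cleanly
 * (no byte stored, nothing written to memory that was never allocated). */
int demo_alloc_failure(void) {
    outbuf b;
    outbuf_init(&b, 1u << 20);
    outbuf_realloc = failing_realloc;
    int ok = outbuf_putc(&b, 'x');
    outbuf_realloc = realloc;
    size_t stored = b.len;
    outbuf_free(&b);
    return ok == 0 && stored == 0;
}
```

With a 1 MiB cap a 100000-byte input is stored in full; with a 4096-byte cap the same input stops at 4095 stored bytes (the last slot is reserved for the NUL) and the caller gets a failure result it can act on, which is the behaviour an input-size restriction should have while the real fix is being deployed.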

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2016-00635
CESA-2016_0722
CESA-2016_0996
CVE-2016-2842
DSA-3500-1
RHSA-2016:0722
RHSA-2016:0996
RHSA-2016:2073
RHSA-2016_0722
RHSA-2016_0996

Affected Products

CentOS
IBM AIX
OpenSSL
Red Hat