Уязвимость CVE-2016-2842: Информация

Описание

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Важность: CRITICAL (9,8) Вектор: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

      ---