Описание
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 6.7 | guest-images | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 7.2 | rhel-guest-image | Affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | openssl | Affected | ||
| Red Hat Enterprise Linux 5 | openssl | Fixed | RHSA-2016:0302 | 01.03.2016 |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2016:0301 | 01.03.2016 |
| Red Hat Enterprise Linux 7 | openssl | Fixed | RHSA-2016:0301 | 01.03.2016 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | rhev-hypervisor7 | Fixed | RHSA-2016:0379 | 09.03.2016 |
| RHEV 3.X Hypervisor and Agents for RHEL-7 | rhev-hypervisor7 | Fixed | RHSA-2016:0379 | 09.03.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Уязвимости библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании или оказать другое воздействие
EPSS
4.3 Medium
CVSS2