Описание
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Will not fix | ||
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix | ||
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | ||
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 2 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 3 | openssl | Fix deferred | ||
| JBoss Core Services on RHEL 6 | jbcs-httpd24-httpd | Fixed | RHSA-2017:0193 | 25.01.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_auth_kerb | Fixed | RHSA-2017:0193 | 25.01.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_bmx | Fixed | RHSA-2017:0193 | 25.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-bu ...
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Уязвимость библиотеки OpenSSL, вызванная целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие
EPSS
5.9 Medium
CVSS3
2.6 Low
CVSS2