Oracle Linux: CVE-2016-2105: ELSA-2016-0722: openssl security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | May 3, 2016 | May 9, 2016 | Jan 7, 2025 |
Description
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.
Solution(s)
- oracle-linux-upgrade-openssl
- oracle-linux-upgrade-openssl-devel
- oracle-linux-upgrade-openssl-fips
- oracle-linux-upgrade-openssl-fips-devel
- oracle-linux-upgrade-openssl-fips-perl
- oracle-linux-upgrade-openssl-fips-static
- oracle-linux-upgrade-openssl-libs
- oracle-linux-upgrade-openssl-perl
- oracle-linux-upgrade-openssl-static
