vulnerability
Oracle Linux: CVE-2016-2180: ELSA-2016-1940: openssl security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:H/Au:N/C:N/I:N/A:C) | Jul 21, 2016 | Sep 27, 2016 | Nov 29, 2024 |
Severity
4
CVSS
(AV:L/AC:H/Au:N/C:N/I:N/A:C)
Published
Jul 21, 2016
Added
Sep 27, 2016
Modified
Nov 29, 2024
Description
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker.
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker.
Solution(s)
oracle-linux-upgrade-openssloracle-linux-upgrade-openssl-develoracle-linux-upgrade-openssl-libsoracle-linux-upgrade-openssl-perloracle-linux-upgrade-openssl-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.