Oracle Linux: CVE-2016-2180: ELSA-2016-1940: openssl security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:H/Au:N/C:N/I:N/A:C) | 2016-07-21 | 2016-09-27 | 2024-11-29 |
Description
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker.
Solution(s)
- oracle-linux-upgrade-openssl
- oracle-linux-upgrade-openssl-devel
- oracle-linux-upgrade-openssl-libs
- oracle-linux-upgrade-openssl-perl
- oracle-linux-upgrade-openssl-static
