Lucene search

PRIOn knowledge basePRION:CVE-2016-2842

HistoryMar 03, 2016 - 8:59 p.m.

Out-of-bounds

2016-03-0320:59:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.769 High

EPSS

Percentile

98.2%

JSON

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

CPENameOperatorVersion
openssleq1.0.1109
openssleq1.0.297
openssleq1.0.1106
openssleq1.0.1 beta2
openssleq1.0.1104
openssleq1.0.2101
openssleq1.0.1114
openssleq1.0.298
openssleq1.0.199
openssleq1.0.1103

Name	Operator	Version
openssl	eq	1.0.1109
openssl	eq	1.0.297
openssl	eq	1.0.1106
openssl	eq	1.0.1 beta2
openssl	eq	1.0.1104
openssl	eq	1.0.2101
openssl	eq	1.0.1114
openssl	eq	1.0.298
openssl	eq	1.0.199
openssl	eq	1.0.1103

Rows per page:

1-10 of 321

References

rhn.redhat.com/errata/RHSA-2016-0722.html

rhn.redhat.com/errata/RHSA-2016-0996.html

rhn.redhat.com/errata/RHSA-2016-2073.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/84169

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

kc.mcafee.com/corporate/index?page=content&id=SB10152

marc.info/?l=bugtraq&m=145983526810210&w=2

marc.info/?l=bugtraq&m=146108058503441&w=2

openssl.org/news/secadv/20160301.txt

security.netapp.com/advisory/ntap-20160321-0001/