CVE-2016-2177 in OpenSSLinfo

Summary

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

01/29/2016

Disclosure

06/19/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
91904OpenSSL Pointer Arithmetic integer overflow190Not definedOfficial fixCVE-2016-2177
88080OpenSSL s3_srvr.c integer overflow190Not definedOfficial fixCVE-2016-2177

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!