CVE-2016-2842
published 2016-03-03CVE-2016-2842: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation…
PriorityP358critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
53.65%
98.9th percentile
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.0.2g-1 (bookworm) | openssl 1.0.2g-1 (bookworm) |
| android | — | — | |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability exists in the doapr_outch function within crypto/bio/b_print.c in OpenSSL; monitor for exploitation attempts targeting BIO_*printf functions with large/untrusted data inputs. ↗
- →Applications passing large amounts of untrusted data through BIO_*printf functions are the attack vector; detect anomalous large ASN.1 data payloads sent to OpenSSL-consuming services. ↗
- ·Affected versions are OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g; systems running these versions are vulnerable and should be prioritized for patching. ↗
- ·Red Hat Enterprise Linux 5 (openssl, openssl097a) and RHEL 6/7 (openssl098e) are marked 'Will not fix', meaning these platforms will remain vulnerable; detection coverage on these systems is especially important. ↗
- ·Debian resolved the vulnerability in openssl 1.0.2g-1 across all tracked releases (bookworm, bullseye, forky, sid, trixie); verify package version on Debian-based systems. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
CISA ICS
Advantech Spectre RT Industrial Routers
cisa_ics·2021-02-23·CVSS 7.5
[HIGH] Advantech Spectre RT Industrial Routers
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech Spectre RT Industrial Routers
Last RevisedFebruary 23, 2021
Alert CodeICSA-21-054-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Advantech
- Equipment: Spectre RT Industrial Routers
- Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Use of a Broken or Risky Cryptographic Algorithm, Use of Platform-Dependent Third-party Components
## 2. RISK EVALUATION
Successful e
Palo Alto
PAN-SA-2016-0020 OpenSSL Vulnerabilities
vendor_paloalto·2016-08-15·CVSS 7.5
CVE-2014-8176 [HIGH] CWE-119 PAN-SA-2016-0020 OpenSSL Vulnerabilities
PAN-SA-2016-0020 OpenSSL Vulnerabilities
The OpenSSL library has been found to contain several vulnerabilities CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1794, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842. Palo Alto Networks software makes use of the vulnerable library. (Ref # 95622). The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to high but, have not been shown to be exploitable at the time of this advisory. This issue affects PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earl
Android
CVE-2016-2842: Android Security Bulletin 2016-08-01
CVE: CVE-2016-2842
Affected AOSP versions: 4
vendor_android·2016-08-01·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842: Android Security Bulletin 2016-08-01
CVE: CVE-2016-2842
Affected AOSP versions: 4
Android Security Bulletin 2016-08-01
CVE: CVE-2016-2842
Affected AOSP versions: 4.4.4, 5.0.2, 5.1.1
References: A-29060514
Red Hat
openssl: doapr_outch function does not verify that certain memory allocation succeeds
vendor_redhat·2016-03-03·CVSS 9.8
CVE-2016-2842 [CRITICAL] CWE-787 openssl: doapr_outch function does not verify that certain memory allocation succeeds
openssl: doapr_outch function does not verify that certain memory allocation succeeds
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application.
Package: openssl (
Ivanti
Ivanti Security Advisory: CVE-2016-0799
vendor_ivanti·2016-03-03·CVSS 9.8
CVE-2016-0799 [CRITICAL] CWE-119 Ivanti Security Advisory: CVE-2016-0799
Ivanti Security Advisory: CVE-2016-0799
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
CVE IDs: CVE-2016-0799
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-119
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco·2016-03-02
CVE-2016-0702 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.
DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.
To execute a successful DROWN attack, the attacker m
Red Hat
OpenSSL: Fix memory issues in BIO_*printf functions
vendor_redhat·2016-02-26·CVSS 9.8
CVE-2016-0799 [CRITICAL] OpenSSL: Fix memory issues in BIO_*printf functions
OpenSSL: Fix memory issues in BIO_*printf functions
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application.
Statement: The original issue fixed by OpenSSL upstream contains two distinct fixes. The
Debian
CVE-2016-0799: openssl - The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1...
vendor_debian·2016·CVSS 9.8
CVE-2016-0799 [CRITICAL] CVE-2016-0799: openssl - The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1...
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
Scope: local
bookworm: resolved (fixed in 1.0.2g-1)
bullseye: resolved (fixed in 1.0.2g-1)
forky: resolved (fixed in 1.0.2g-1)
sid: resolved (fixed in 1.0.2g-1)
trixie: resolved (fixed in 1.0.2g-1)
Debian
CVE-2016-2842: openssl - The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s ...
vendor_debian·2016·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842: openssl - The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s ...
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Scope: local
bookworm: resolved (fixed in 1.0.2g-1)
bullseye: resolved (fixed in 1.0.2g-1)
forky: resolved (fixed in 1.0.2g-1)
sid: resolved (fixed in 1.0.2g-1)
trixie: resolved (fixed in 1.0.2g-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco
CVE-2016-2842 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
CVE-2016-2842: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, th
GHSA
GHSA-jj34-65xr-hwrp: The doapr_outch function in crypto/bio/b_print
ghsa_unreviewed·2022-05-14·CVSS 9.8
CVE-2016-2842 [CRITICAL] CWE-119 GHSA-jj34-65xr-hwrp: The doapr_outch function in crypto/bio/b_print
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
GHSA
GHSA-x493-jjcm-ffg2: The fmtstr function in crypto/bio/b_print
ghsa_unreviewed·2022-05-14·CVSS 9.8
CVE-2016-0799 [CRITICAL] CWE-119 GHSA-x493-jjcm-ffg2: The fmtstr function in crypto/bio/b_print
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
OSV
CVE-2016-0799: The fmtstr function in crypto/bio/b_print
osv·2016-03-03·CVSS 9.8
CVE-2016-0799 [CRITICAL] CVE-2016-0799: The fmtstr function in crypto/bio/b_print
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
OSV
CVE-2016-2842: The doapr_outch function in crypto/bio/b_print
osv·2016-03-03·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842: The doapr_outch function in crypto/bio/b_print
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
No detection rules found.
No public exploits indexed.
arXiv
From LLMs to Agents: A Comparative Evaluation of LLMs and LLM-based Agents in Security Patch Detection
arxiv_fulltext·2025-11-11
From LLMs to Agents: A Comparative Evaluation of LLMs and LLM-based Agents in Security Patch Detection
From LLMs to Agents: A Comparative Evaluation of LLMs and LLM-based Agents in Security Patch Detection
Junxiao Han, Zheng Yu, Lingfeng Bao, Jiakun Liu, Yao Wan, Jianwei Yin, Shuiguang Deng, and Song Han
Junxiao Han, Zheng Yu, and Song Han are with the School of Computer and Computing Science, Hangzhou City University, Hangzhou 310015, China. E-mail: [email protected], [email protected], and [email protected]
Lingfeng Bao is with the State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou 310027, China. E-mail: [email protected]
Jiakun Liu is with the Faculty of Computing, Harbin Institute of Technology, Harbin 150001, China. E-mail: [email protected]
Yao Wan is with the College of Computer Science and Technology, Huazhong University of Science and T
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
arXiv
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics
arxiv_fulltext·2021-12-13
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics
1st Ángel Longueira-Romero, 2nd Rosa Iglesias, 3rd Jose Luis Flores
Industrial Cybersecurity
Ikerlan Technology Research Centre (BRTA)
Arrasate/Mondragón, Spain
\alongueira, riglesias, jlflores\@ikerlan.es
4th Iñaki Garitano
Dept. of Electronics and Computing
Mondragon Unibertsitatea
Arrasate/Mondragón, Spain
[email protected]
## Abstract
Industrial components are of high importance because they control critical infrastructures that form the lifeline of modern societies.
However, the rapid evolution of industrial components, together with the new paradigm of Industry 4.0, and the new connectivity features that will be introduced by the 5G technology, all increase the likeliho
arXiv
Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities
arxiv_fulltext·2019-05-22
Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities
1.55cm
[1]
\@fnsymbol#1
Hey Google, What Exactly Do Your Security Patches Tell Us?\ Large-Scale Empirical Study on Android Patched Vulnerabilities
Sadegh Farhang Sadegh Farhang and Mehmet Bahadir Kirdan equally contributed to this work.
Pennsylvania State University
[email protected]
Mehmet Bahadir Kirdan 1
Technical University of Munich
[email protected]
Aron Laszka
University of Houston
[email protected]
Jens Grossklags
Technical University of Munich
[email protected]
## Abstract
Android has the largest market share among smartphone platforms worldwide with more than one billion active devices.
Like other platforms, security patches play a pivotal role in keeping Android devices safe from the exploitation of known vulnerabilities. Previous research efforts have documente
Bugzilla
CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
bugzilla·2016-03-04·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
It was found that doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. This issues is different than CVE-2016-0799.
Upstream patch:
https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
Discussion:
Created openssl101e tracking bugs for this issue:
Affects: epel-5 [bug 1314766]
---
Created openssl tracking bugs for this issue:
Affects
Bugzilla
CVE-2016-2842 mingw-openssl: openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
bugzilla·2016-03-04·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842 mingw-openssl: openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
CVE-2016-2842 mingw-openssl: openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE:
Bugzilla
CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
bugzilla·2016-03-04·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affe
Bugzilla
CVE-2016-2842 openssl101e: openssl: doapr_outch function does not verify that certain memory allocation succeeds [epel-5]
bugzilla·2016-03-04·CVSS 9.8
CVE-2016-2842 [CRITICAL] CVE-2016-2842 openssl101e: openssl: doapr_outch function does not verify that certain memory allocation succeeds [epel-5]
CVE-2016-2842 openssl101e: openssl: doapr_outch function does not verify that certain memory allocation succeeds [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug au
Bugzilla
CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
bugzilla·2016-02-26·CVSS 9.8
CVE-2016-0799 [CRITICAL] CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
As per Upstream advisory:
The internal |fmtstr| function used in processing a "%s" format string in the
BIO_*printf functions could overflow while calculating the length of a string
and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to an OOB
memory location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size of a
buffer to be allocated is greater than INT_MAX. E.g. this could be in processing
a very long "%s" format string. Memory leaks can also occur.
These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. T
http://marc.info/?l=bugtraq&m=145983526810210&w=2http://marc.info/?l=bugtraq&m=146108058503441&w=2http://openssl.org/news/secadv/20160301.txthttp://rhn.redhat.com/errata/RHSA-2016-0722.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0996.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2073.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/84169https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_ushttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://kc.mcafee.com/corporate/index?page=content&id=SB10152https://security.netapp.com/advisory/ntap-20160321-0001/http://marc.info/?l=bugtraq&m=145983526810210&w=2http://marc.info/?l=bugtraq&m=146108058503441&w=2http://openssl.org/news/secadv/20160301.txthttp://rhn.redhat.com/errata/RHSA-2016-0722.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0996.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2073.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/84169https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_ushttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://kc.mcafee.com/corporate/index?page=content&id=SB10152https://security.netapp.com/advisory/ntap-20160321-0001/
2016-03-03
Published