cbcvebase.
CVE-2016-2842
published 2016-03-03

CVE-2016-2842: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation…

PriorityP358critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
53.65%
98.9th percentile
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
debianopenssl< openssl 1.0.2g-1 (bookworm)openssl 1.0.2g-1 (bookworm)
googleandroid
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability exists in the doapr_outch function within crypto/bio/b_print.c in OpenSSL; monitor for exploitation attempts targeting BIO_*printf functions with large/untrusted data inputs.
  • Applications passing large amounts of untrusted data through BIO_*printf functions are the attack vector; detect anomalous large ASN.1 data payloads sent to OpenSSL-consuming services.
  • ·Affected versions are OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g; systems running these versions are vulnerable and should be prioritized for patching.
  • ·Red Hat Enterprise Linux 5 (openssl, openssl097a) and RHEL 6/7 (openssl098e) are marked 'Will not fix', meaning these platforms will remain vulnerable; detection coverage on these systems is especially important.
  • ·Debian resolved the vulnerability in openssl 1.0.2g-1 across all tracked releases (bookworm, bullseye, forky, sid, trixie); verify package version on Debian-based systems.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.