Your submission was sent successfully! Close

CVE-2016-2105

Published: 3 May 2016

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
artful
Released (1.0.2g-1ubuntu5)
bionic
Released (1.0.2g-1ubuntu5)
cosmic
Released (1.0.2g-1ubuntu5)
disco
Released (1.0.2g-1ubuntu5)
precise
Released (1.0.1-4ubuntu5.36)
trusty
Released (1.0.1f-1ubuntu2.19)
upstream
Released (1.0.1t, 1.0.2h)
wily
Released (1.0.2d-0ubuntu1.5)
xenial
Released (1.0.2g-1ubuntu4.1)
yakkety
Released (1.0.2g-1ubuntu5)
zesty
Released (1.0.2g-1ubuntu5)
openssl098
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist